If the certificates from the certificate chain are not listed as trusted in the Java key store, then the request will fail. This is the way the JVM works (which is where CF is running). If you are using a self-signed certificate or a certificate from a certificate authority that is not trusted by the JVM, then it will fail, every time.
There was also a bug in CF9 Enterprise which would sometimes result in a certificate not being accepted, but I believe that has been fixed in CF10. It was actually a problem with a 3rd party crypto library that was included in CF enterprise.
So, chances are that you are going to need to import one or more certificates into the JVM keystore. You said you've already found instructions on how to do that, so I won't rehash. If it is a self-signed cert, you will need to import that. If it is a cert with a CA parent, then you should just be able to install the CA root cert.
Hope this helps.
Thanks for your response.
If you happen to have any current docs/instructions on how to import the certificates into the JVM keystore I'd be very grateful. Adobe has some docs published in the CF10 docs but they still have CF9 references all over the place, rather concerning seeing as CF10 replaced JRUN with Tomcat.
Thanks so much for your help.
The instructions should be the same. It is happening at the JVM level, which is below Tomcat or JRun.
The only difference, possibly, would be where the cacerts file is located. I do not have a CF10 install to check against.
This forum post seems to have CF10 specific instructions: http://forums.adobe.com/message/4246821
I've tried to follow the instructions in the link you provided above, as well as the instructions in this link: http://help.adobe.com/en_US/ColdFusion/10.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7ffc.html
but both are very unclear and reference folders that do not exist on the CF10 installation.
If anyone has any other resources for this I'd be extremely grateful.
Thanks in advance,
Sorry for the lack of clarification, I'm on a Mac, not Windows.
That's COMPLETELY different then.
On a Mac you are not using a JVM that comes with CF, you are using the one built into the operating system.
On the Mac you will find the cacerts file at /Library/Java/Home/lib/security
So go to that directory and type in:
sudo keytool -importcert -file /path/to/cert/file -alias anyName -keystore cacerts -storepass changeit
Then restart CF and try it again.
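As an added example (not part of the original thread): a shell wrapper around the keytool import above that refuses to import unless the certificate's SHA-256 fingerprint matches a value obtained out of band, keeps a backup of cacerts, and confirms the alias afterwards. The function names and arguments are hypothetical, and it assumes a keytool that prints a `SHA256:` fingerprint line.

```shell
#!/bin/sh
# Added example: fingerprint-checked import into a JVM trust store.
# Function and variable names are hypothetical, not from the thread.

# Normalise a fingerprint: drop colons/spaces, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if both fingerprints are non-empty and equal once normalised.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the SHA-256 fingerprint keytool reports for a certificate file.
# Assumption: keytool emits a "SHA256: AA:BB:..." line; if it does not,
# the result is empty and the import below is refused.
cert_fp() {
    keytool -printcert -file "$1" |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_pinned CERT NAME EXPECTED_SHA256 KEYSTORE [STOREPASS]
import_pinned() {
    cert=$1; name=$2; expected=$3; store=$4; pass=${5:-changeit}
    actual=$(cert_fp "$cert") || return 1
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        return 1
    fi
    cp -p "$store" "$store.bak" || return 1   # rollback copy of cacerts
    keytool -importcert -noprompt -file "$cert" -alias "$name" \
        -keystore "$store" -storepass "$pass" || return 1
    # Confirm the entry exists before restarting CF.
    keytool -list -alias "$name" -keystore "$store" -storepass "$pass"
}
```

Source the file and call, for example, `import_pinned /path/to/cert/file anyName "<fingerprint from the server owner>" cacerts` from the directory that holds cacerts, using sudo if the file is root-owned.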
So how'd it go?
Sorry, got busy working with clients. Your advice was spot on, thanks so much for your help.
I'm having the same issue with CF9. Can you point me to the hot fix for this?