We are using the Apache httpclient 4.1.2 to post to an external server, using SSL. The post works fine when running it from the Java JRE, but when the code runs under a JRun/ColdFusion instance that uses the same Java JRE the error message returned is:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
.......
When debugging the connect using the -Djavax.net.debug=all setting, the error message shown internally is:
java.lang.RuntimeException: Could not generate secret
Is there some weird ColdFusion setting we need to undo to make this work? We installed the cert from the other server in the /jre/lib/security/cacerts file but that did not make a difference. Why does standalone Java work and not JRun?
The JDK version is 1.6.0_24-b07
ColdFusion: 9,0,1,274733
Problem is solved. Doing a class loading analysis with the java option -verbose:class we could see that in the ColdFusion case it was loading from the ../WEB-INF/lib/jsafeJCEFIPS.jar of the CF instance for key encryption and that was not the same as in the stand-alone case. So we got rid of that JAR and that made the SSL communication work properly.
Running a mix of J2EE and ColdFusion on the same instance has its challenges...
Problem is not solved, since the /WEB-INF/lib/jsafeJCEFIPS.jar file is needed for ColdFusion servlets...
How to disable the RSA stuff for J2EE code running on the instance? Classpath sequence changes?
OK, the solution was simple, to disable jsafe the proper way by adding the java command line property:
-Dcoldfusion.disablejsafe=true
Let's hope jsafe is not used for something vital...
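
The provider comparison this thread arrived at through -verbose:class can also be made from inside the JVM. The following is an added example, not code from any poster in the thread; the class name JceProviderReport and the list of algorithm filters are assumptions chosen for illustration. It lists the registered JCE providers in preference order with the jar each was loaded from, and the provider that wins for each algorithm, so the output of the standalone JVM can be compared with the output inside the ColdFusion instance, before and after setting -Dcoldfusion.disablejsafe=true.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;

// Added diagnostic example (hypothetical class name); written to compile on Java 6.
public class JceProviderReport {

    // Service.algorithm filters to check (constructed list, an assumption:
    // primitives an RSA or DH based SSL handshake commonly asks the JCE for).
    static final String[] FILTERS = {
        "Cipher.RSA", "KeyAgreement.DiffieHellman", "KeyFactory.RSA",
        "Signature.SHA1withRSA", "SecureRandom.SHA1PRNG"
    };

    // Jar or directory the provider class came from; a null CodeSource
    // means it was loaded from the bootstrap class path.
    static String origin(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        if (cs == null || cs.getLocation() == null) {
            return "bootstrap class path";
        }
        return cs.getLocation().toString();
    }

    static String describe(Provider p) {
        return p.getName() + " " + p.getVersion() + " [" + origin(p) + "]";
    }

    // Call from main() for the standalone case, or from a servlet/JSP
    // deployed on the instance, then diff the two reports.
    public static String report() {
        StringBuilder out = new StringBuilder("Providers in preference order:\n");
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            out.append("  ").append(i + 1).append(". ").append(describe(all[i])).append('\n');
        }
        out.append("First provider offering each algorithm:\n");
        for (int i = 0; i < FILTERS.length; i++) {
            // Returns matching providers in preference order, or null if none.
            Provider[] match = Security.getProviders(FILTERS[i]);
            String winner = (match == null || match.length == 0) ? "none" : describe(match[0]);
            out.append("  ").append(FILTERS[i]).append(" -> ").append(winner).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

A provider whose origin is a jar under the instance's WEB-INF/lib, ranked ahead of the JRE's own providers, is the same difference the -verbose:class output showed.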