4 Replies Latest reply on Feb 14, 2014 3:24 AM by BKBK

    How can I check if a https:// URL exists with cfhttp?

    pippin84

      Hello,

       

      I have some code that can be used to check if a URL exists where arguments.u is a full URL (http://www.google.com/ for example) - from this I can determine if a URL exists or not as part of a broken link checker for our content.

      <cfhttp method="head" url="#arguments.u#" resolveurl="no" throwonerror="no" />
      

       

      But, in some cases, that arguments.u will be a https URL, like https://www.keeleklikk.ee/ - which is a valid URL and I can access it no problem.

       

      But this gives me the following response from the cfhttp:

      struct
      Charset[empty string]
      ErrorDetailI/O Exception: peer not authenticated
      FilecontentConnection Failure
      Header[empty string]
      MimetypeUnable to determine MIME type of file.
      Responseheader
      struct [empty]
      StatuscodeConnection Failure. Status code unavailable.
      TextYES

       

      How can I modify my cfhttp call so that it properly checks https URLs as well as regular http ones?

       

      Thanks,

      Phil.

        • 1. Re: How can I check if a https:// URL exists with cfhttp?
          Steve Sommers Level 4

          I/O Exception: peer not authenticated usually means you are having a SSL certificate failure. This can be that the url domain name does not match the certificate or the certificate root and/or intermediaries are not in your local certificate store. So far I have not found a way to tell CF to ignore certificate issues and just connect using it so writing an app to scan random or dynamic UR's will be very difficult as it will mean a lot of manual certificate importing. You can google "coldfusion SSL import certificate" of "coldfusion SSL problems cfhttp" and find several threads and posts on this topic.

          • 2. Re: How can I check if a https:// URL exists with cfhttp?
            REEDPOWELL

            I've run into this and the scenario is as Steve explained.  Short of shelling out to curl, which has an option to ignore certificate errors, I never found a good CF solution.  There used to be a custom tag CFHTTP5 that had a lot of great options - when I googled for it to answer your post I found this posting from Ray C that shows a possible CF work-around for the problem:  http://www.raymondcamden.com/index.cfm/2011/1/12/Diagnosing-a-CFHTTP-issue--peer-not-authe nticated

             

            -reed

            • 3. Re: How can I check if a https:// URL exists with cfhttp?
              pippin84 Level 1

              @Steve Sommers:

              The code will be dynamic based on the URLs that are stored in the content - which we won't know until the content has been entered, and even then the content will change every week so any method that involves manually importing certificates will not be possible - it's meant to be an automatic thing, so I think that from this and the other Google searches I've done, it's not possible in CF.

               

              @REEDPOWELL:

              I will look into the curl method, if this is able to do what I need and I can trigger it and get a response within CF then it looks (so far) like the only solution. I had already found that post by Ray Camden, but it gave the same dump with the I/O Exception, so it didn't work for me.

              • 4. Re: How can I check if a https:// URL exists with cfhttp?
                BKBK Adobe Community Professional & MVP

                As Steve and Reed have pointed out, it is indeed a well-known problem. Two examples reported in this forum

                 

                http://forums.adobe.com/thread/1203444

                http://forums.adobe.com/message/4246821#4246821

                 

                Generally, to use SSL in ColdFusion, you first have to import the certificate into the key store of ColdFusion's JRE. You may do so dynamically in 2 steps:

                 

                1) Test whether the site is SSL. If so, use cfexecute to run Openssl to download the certificate to a location on your server;

                2) Use the Keytool utility to import the file from 1) into the keystore {JRE_DIR}/lib/security/cacerts of your ColdFusion installation.

                 

                However, not having tested this, I wonder whether it is possible to update the settings like this without restarting the server.