4 Replies Latest reply on Jun 26, 2007 2:12 AM by prasanth.t

    Coldfusion SSL with cfhttp

    craigdunn

      HI All, CFMX is not my speciality but I've inherited a project that needs some modification.

      It's CFMX6.1 on JRun4, Windows 2003....

      I'm trying to get it to make a cfhttp call to an SSL tomcat server and constantly get back "Connection Failed" - no other errors or helpful information

      I've tried importing the SSL cert into the keystore of the only JRE I can find on the machine (suggested by many Google results), and a tcpdump on the SSL server confirms that it's definatley talking to it on the right port so that rules out simple things like DNS and firewalls or configuration problems with the SSL server I'm connecting to...etc.

      Also, SSL posts seem to work to a variety of other machine of it's own ilk (same platform), but not to this new server.

      Any help would be greatly appreciated.

      Cheers
      Craig
        • 2. Coldfusion SSL with cfhttp
          Grizzly9279 Level 1
          Is there anything funky with this particular SSL cert?

          - Is it issued by an untrusted/unknown certified authority (CA)?
          - Is it expired?
          - Is the "common name" on the certificate different than the domain name you're using to connect to the server?

          If the answer to any of the above questions are "yes", than you will not be able to connect via CFHTTP. You will need to remedy the above issues before continuing with this approach.

          To remedy the untrusted CA issue, you can import the certificate into the JRE keystore (cacerts). The remedy the "common name" issue, you can add an entry in your application server's "hosts" file that will enable you to address the remote host in using the common name found on the certificate.

          Note that both of the above remedies require CF-service restarts in order to take affect.

          If the certificate on the remote host in expired, than I'm afraid there is nothing you can do short of asking the remote host to renew their SSL certificate. Otherwise, you will have no way to programmatically interface with the host using CFHTTP (or any other means for that matter).

          I hope this helps...
          • 3. Re: Coldfusion SSL with cfhttp
            insuractive Level 3
            Try Daverms's solution first. CFHTTP sometimes has problems connecting via SSL even when the certificates are loaded correctly. Adding the following fields:

            <cfhttpparam type="Header" name="Accept-Encoding" value="deflate;q=0">
            <cfhttpparam type="Header" name="TE" value="deflate;q=0">

            Sometimes work magic. Try those and then see if you are still experiencing problems.
            • 4. Re: Coldfusion SSL with cfhttp
              prasanth.t
              I have tried the following in my cfhttp tag , still it is not working.

              <cfhttpparam type="Header" name="Accept-Encoding" value="deflate;q=0">
              <cfhttpparam type="Header" name="TE" value="deflate;q=0">

              Also verified SSL , http comression etc in the server level and found all it as rite, but I am still facing error.

              The program was working fine before the cfm 7.0 upgrdate, is there any issue with the fix? How I can resolve it.

              Any help would be apprecited.