7 Replies Latest reply on Feb 4, 2015 6:33 AM by BigDadi

    Coldfusion 11 Web Services and SSL Issue

    LCCoder

      Our company has two web services that we host that a vendor uses to grab information from on a periodic basis. These services ran fine on a CF8 SSL site, but once we switched to 11, the services can no longer be created. However, I can create them on our unsecured test site (which also is running CF 11) and access them externally without issue. When I try to create the webservice in the url, I just get a blank page back instead of the XML I should be getting. Is there something special I am missing that has to be done to create web services in a secure environment? The raw error message I get when trying to invoke the secure web service is below:

       

      coldfusion.xml.rpc.XmlRpcServiceImpl$BadWsdlXMLException: Unable to parse WSDL as an XML document. at coldfusion.xml.rpc.XmlRpcServiceImpl.retrieveWSDL(XmlRpcServiceImpl.java:976) at coldfusion.xml.rpc.XmlRpcServiceImpl.access$000(XmlRpcServiceImpl.java:96) at coldfusion.xml.rpc.XmlRpcServiceImpl$1.run(XmlRpcServiceImpl.java:309) at java.security.AccessController.doPrivileged(Native Method) at coldfusion.xml.rpc.XmlRpcServiceImpl.registerWebService(XmlRpcServiceImpl.java:302) at coldfusion.xml.rpc.XmlRpcServiceImpl.getWebServiceProxy(XmlRpcServiceImpl.java:692) at coldfusion.tagext.lang.InvokeTag.doEndTag(InvokeTag.java:469) at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:2987) at cfcallmattersearch2ecfm1244659485.runPage(D:\Web\sims\st\callmattersearch.cfm:9) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:246) at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:734) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:570) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.IpFilter.invoke(IpFilter.java:45) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:487) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:42) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:141) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:94) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:78) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:2 8) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:58) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.filter.CachingFilter.invoke(CachingFilter.java:62) at coldfusion.CfmServlet.service(CfmServlet.java:219) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42 ) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:422) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:198) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.jav a:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)

        • 1. Re: Coldfusion 11 Web Services and SSL Issue
          BigDadi Level 1

          Were you able to resolve this?  I'm having a similar issue.  Calling the webservice externally, I get

          Unable to read WSDL from URL: https://app-dev.phs.psu.edu/standard/date_function.cfc?WSDL.

          Error: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name. It is recommended that you use a web browser to retrieve and examine the requested WSDL document to ensure it is correct.

           

          When I tried to view the WSDL directly in the browser, it just gave me a blank page.  I followed the instructions on this page Deploy SSL (HTTPS) Webservice in Coldfusion - A ShavedMonkey's Coldfusion Blog and made changes to axis2.xml and was then able to view the WSDL.  However, I still get the above error when calling the web service over https (it works fine over http).

          • 2. Re: Coldfusion 11 Web Services and SSL Issue
            BKBK Adobe Community Professional & MVP

            @BigDadi

            Thanks for sharing the tip about modifying the axis2.xml file to enable web services over HTTPS. That is necessary. Nevertheless, the error you are now getting may be related to something else, the Djsse.enableSNIExtension setting in the Java 7 Virtual Machine.

             

            Perform the following test. Go to the Java and JVM page in the ColdFusion Administrator. Add this setting to the JVM arguments:

             

            -Djsse.enableSNIExtension=false

             

            Restart ColdFusion. Does it help?

            • 3. Re: Coldfusion 11 Web Services and SSL Issue
              BigDadi Level 1

              Yes - this is what I needed!  Many thanks!!

              • 4. Re: Coldfusion 11 Web Services and SSL Issue
                BKBK Adobe Community Professional & MVP

                My pleasure. Let us hope it helps LCCoder, too.

                • 5. Re: Coldfusion 11 Web Services and SSL Issue
                  BigDadi Level 1

                  I've got this working on our dev and test servers.  Now I'm trying to deploy it to production.  We have an external prod server in a DMZ that calls the web service on our internal prod server.  We only have port 443 open in the firewall between these two servers (not port 80).  I am able to do a <cfhttp> call to the WSDL over 443 and get back the xml.  However, if I make the web service call using <cfinvoke> I get the following error:

                   

                  Cannot perform web service invocation getNthDayOfMonth.

                  The fault returned when invoking the web service operation is:

                  org.apache.axis2.AxisFault: Connection refused

                          at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

                          at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:197)

                          at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)

                          at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(Common sHTTPTransportSender.java:402)

                          at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSen der.java:231)

                          at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)

                          at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)

                          at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java :229)

                          at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

                          at standard.StandardDate_functionCfcStub.getNthDayOfMonth(StandardDate_functionCfcStub.java: 192)

                          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                          at sun.reflect.NativeMethodAccessorI... ''

                   

                  I am able to successfully call the same web service (on the internal prod server) using the same code from my internal dev server.  However, when I look at my httpd logs on the internal prod server, I don't see the request in the ssl logs.  It shows up in the access_log file as:
                  150.231.26.130 - - [03/Feb/2015:13:48:57 -0500] "POST /standard/date_function.cfc HTTP/1.1" 200 397 "-" "Axis2"

                   

                  Any thoughts why this appears to still be coming through port 80?

                  • 6. Re: Coldfusion 11 Web Services and SSL Issue
                    BKBK Adobe Community Professional & MVP

                    @BigDadi

                    Interesting development. Could you start a new thread on this?