19 Replies Latest reply on Jun 29, 2015 4:22 PM by charlie@carehart.org

    "Peer not authenticated" with RDS configuration using SSL

    bgordon8684

      We have a remote ColdFusion 11 server, and I'm trying to set up ColdFusion Builder 3 on a Windows 7 machine.  I have this RDS connection working in HomeSite with an IDENTICAL configuration, but I get a "peer not authenticated" error in ColdFusion Builder on the same machine connecting to the same server with HomeSite successfully.

       

      I've seen references to AdminServerComponents_WWEJ.zip and have downloaded that and installed the files in ColdFusion11, but when I run "adminstart" I get:

       

      'jrun' is not recognized as an internal or external command, operable program or batch file.

       

      There is no "jrun.exe" on this server.  So can I assume that this file and procedure are not required for ColdFusion 11?

       

      I don't find any answers anywhere on how to get this working with ColdFusion 11...

       

      Thanks for any assistance anyone can offer.  -bg

        • 1. Re: "Peer not authenticated" with RDS configuration using SSL
          charlie@carehart.org Adobe Community Professional & MVP

          Bg, you get that error “when”, exactly? On what screen or operation within CFB? It may be significant.

           

          Because yes, if you can talk to the CF server from the same dev machine using HS+, you should also be able to talk to it from that machine using CFB. I am wondering if the error might possibly relate to something other than RDS processing itself. Your answer should help clarify.

           

          And no, that adminserver component should not be needed.

           

          /charlie

          • 2. Re: "Peer not authenticated" with RDS configuration using SSL
            bgordon8684 Level 1

            Hi, Charlie.  Thanks for the reply.

             

            Upper right corner, right click on server, then "RDS Configuration".  Test connection returns this:

             

            TestConnection.png

             

            Also at the bottom under "CF Servers" with same setup, if I "Start Server", status says "Starting" and stays there forever.

             

            You available for a remote control session to poke around on this computer?

             

            Thanks.  -bg

            • 3. Re: "Peer not authenticated" with RDS configuration using SSL
              charlie@carehart.org Adobe Community Professional & MVP

              Well, let’s clarify first that the RDS config test and the server view are quite different. The latter does NOT rely on RDS (there are facets of the configuration of a server there which DO rely on RDS, but not that “start/stop” status). As for why it remains stuck showing the “starting” status, I don’t readily know, but guess the question would be first “does the server run or not?”, and seconddo you need to be concerned about this status?

               

              So back to the RDS test, this error suggests you are connecting to the server via SSL. Can you confirm that? And when you say that the HomeSite+ setup is identical, are you saying it uses HTTP in its url also?

               

              And when you say these are both connecting to the “same server”, is the URL you’re using also otherwise identical? For instance, you could connect to “the same server” but use 2 different domain names, connecting to the one web server but in different ways. Finally, are you in fact making the connection to CF through a web server (IIS or Apache) or directly using CF’s built-in web server (such as if using port 8500 or the like in your URL)?

               

              As for doing a remote session, we could, sure, but not for free. If I offered that sort of help here, I’d be overwhelmed. But if you mean as per my consulting (see the consulting page at carehart.org), then sure. I just got out of a meeting so have time now, if you do. Otherwise contact me off-list using the contact info offered on that page. Looking forward to seeing your problem solved. As you can see, my questions are striving to help you here on the forums for free, but if you’re pressed for time, it’s true that sometimes there’s no quicker solution than to have such a remote screen-sharing session.

               

              /charlie

              • 4. Re: "Peer not authenticated" with RDS configuration using SSL
                bgordon8684 Level 1

                Yes, consulting would be great.  I'm not getting anywhere with this...

                 

                HomeSite (works):

                homesite.png

                ColdFusion Builder (doesn't work):

                builder.png

                • 5. Re: "Peer not authenticated" with RDS configuration using SSL
                  bgordon8684 Level 1

                  After a very fruitful remote session with Charlie (whose diagnostic and troubleshooting skills are beyond amazing), we got this sorted out.  It appears that HomeSite trusts the SSL certificate on the web server, but ColdFusion Builder does not.

                   

                  We had to export the SSL certificate from the (external) website we were using as RDS host (save it to a .cer file) and import it into the ColdFusion Builder certificate store (C:\ColdFusionBuilder3\jre\lib\security\cacerts) on my PC running ColdFusion Builder using the JDK keytool program.

                   

                  Problem solved.  I would NEVER have been able to figure this out on my own...

                   

                  Thanks, Charlie!

                  • 6. Re: "Peer not authenticated" with RDS configuration using SSL
                    charlie@carehart.org Adobe Community Professional & MVP

                    Thanks for the update and the kind regards, Bill. And yep, I'd say this was one we'd not have readily solved by email, so chalk up another one for the value of online troubleshooting sessions.

                     

                    That said, now that we have learned this, and documented it here, hopefully it could help others who may hit the problem in the future. And certainly if I see such a discussion I'll be able to more readily offer the answer, without need of an online session. We can all learn something new every day.:-)

                    Enjoy your CFB development.

                    • 7. Re: "Peer not authenticated" with RDS configuration using SSL
                      a.s.webster

                      May be a dumb question, but what version of the certificate did you use from the export.  I am having the same issue and have tried several different exports.  The keytool tells me the certificate exists but I am still getting the same peer not authenticated message.

                      • 8. Re: "Peer not authenticated" with RDS configuration using SSL
                        bgordon8684 Level 1

                        Not a dumb question at all.

                         

                        In IIS6:

                        • open secure website properties
                        • Directory Security tab
                        • View Certificate
                        • Details
                        • Copy to File (opens Certificate Export Wizard)
                        • Next
                        • Select "No, do not export the private key"
                        • Next
                        • Leave format at default "DER encoded binary X.509 (.CER)"
                        • Next
                        • Enter filename and finish copy

                        -bg

                        • 9. Re: "Peer not authenticated" with RDS configuration using SSL
                          charlie@carehart.org Adobe Community Professional & MVP

                          Or you can also export the key from your browser, if you don’t have access to the server, perhaps, to use IIS as Bill discusses.

                           

                          BTW, this can be a useful first step to confirming that you can access the site in question AT ALL with RDS. If you can’t browse it, then RDS (from a dev tool like CFBuilder, Dreamweaver, or HomeSite) on the same box will not be able to, either. (And since we’re talking about using SSL in RDS, which is leading to the error, note that you would want to visit the site in your browser using https, also.)

                           

                          Indeed, another benefit of getting the cert from the browser is that you KNOW then that the site you’re visiting in the browser is the one whose cert you want for use with CFB. If you get the cert from the server, as in IIS, you could mistakenly pick a site that you THINK is serving up your response, but you could be mistaken.

                           

                          Anyway, once you do visit the site in your browser, you could then export the cert from the browser (which is in fact what we did for Bill the other day). Anyone can find how to do that for any web browser just by googling for it. It’s pretty easy.

                           

                          Then, once you do have the cert (whether from your browser or web server), and you import it into the cacerts within CFB, don’t forget that you will likely need to restart CFB.

                           

                          If it still doesn’t work, there could again be any number of little gotchas that may be tripping you up, and as with Bill it may be hard to readily identify them all over email (and certainly not quickly), so this may be another case where if we can’t get you going here in the forums, you may want to get some direct remote help like I offered to Bill.

                           

                          But hope the above may help you avoid that.

                           

                          /charlie

                          • 10. Re: "Peer not authenticated" with RDS configuration using SSL
                            a.s.webster Level 1

                            My goal was or is actually to connect to FTP over SSL and only saw RDS in the ColdFusion Builder.  I did not want to enable RDS on the server, so have not tried that yet.  I found this post https://wiki.hostek.com/ColdFusion_Builder about a tool that can be installed to connect over FTP, however; that does not allow SFTP or FTP using SSL.  The RDS method got me closest as I got the peer error message.

                            • 11. Re: "Peer not authenticated" with RDS configuration using SSL
                              bgordon8684 Level 1

                              I feel your pain.

                               

                              I have followed the instructions at the hostek.com link, and I cannot get FTP working.  So now I have an RDS connection to the server (using SSL), and I can load a file from the remote server, but I have no way to save it back to the server!  CFB is still useless at this point.

                               

                              This is incredibly frustrating...  -bg

                              • 12. Re: "Peer not authenticated" with RDS configuration using SSL
                                charlie@carehart.org Adobe Community Professional & MVP

                                A.S., there was FTP support in CFB in CFB2 (provided via the bundled Aptana plugin and integrated in ways I discussed back then, at http://www.carehart.org/blog/client/index.cfm/2012/2/18/cfbuilder201_ftp_hidden_gems), Aptana was removed in CFB3, and it seems the FTP support went with it.

                                 

                                While I have not used FTP with CFB3 myself, I seem to recall looking into this for others before and found the following, both with SFTP support)

                                 

                                http://www.jcraft.com/eclipse-sftp/

                                 

                                https://marketplace.eclipse.org/content/remote-system-explorer-ssh-telnet-ftp-and-dstore-p rotocols

                                 

                                For the second one, RSE, and use of SFTP with it, see http://anothercomputingblog.blogspot.com/2010/04/ftpsftp-support-in-eclipse-with-remote.ht ml.

                                 

                                 

                                Let us know if it helps.

                                 

                                /charlie

                                • 13. Re: "Peer not authenticated" with RDS configuration using SSL
                                  charlie@carehart.org Adobe Community Professional & MVP

                                  Bill, this is new info for me. When we left things last week, you were connecting via RDS over SSL. But I don’t recall noticing if you had tried to either upload or download a file once we confirmed the connection.

                                   

                                  So you’re saying you can pull files down but not push them back up? That really surprises me. RDS does not have any sort of great distinction between those operations, that I know of, so I can’t see it being an RDS problem. And I’ve never heard it to be any sort of generic CFB problem. Finally, I don’t know of anything about SSL support in a web server that would affect downloads differently than uploads.

                                   

                                  Just to rule SSL out, you could change CFB to using a non-SSL connection. Any difference? And I assume you are confirming that the file in question can upload just fine using your HomeSite+/RDS connection, right, which is why you think it’s CFB?

                                   

                                  I’ll add that if perhaps this IS a file that also can’t upload in HS+, then the problem may be due to a limiter in your IIS 6 setup (or something like the free URLScan tool, often used with IIS 6 for injection protection) which may be limiting the size of files that can be posted to the server.

                                   

                                  CF also has a limit for file size uploads (in the CF Admin Settings page), but I don’t recall if that limit applies to RDS-based file uploads. It could. Again, if you would say HS+ can upload the same file to the same server, then clearly it’s not a CF issue.

                                   

                                  But let us know more. Again, I’ve never heard of the problem. Also, check your IIS and CF logs just to see if possibly either has info on the rejection you’re experiencing.

                                   

                                  /charlie

                                  • 14. Re: "Peer not authenticated" with RDS configuration using SSL
                                    bgordon8684 Level 1

                                    Correct.  I downloaded a file early on, but maybe not while we were working together.  Didn't try the save/upload until later.

                                     

                                    Yes, you can pull files down, but not push them back up.  SSL or non-SSL connection the same.  CF9 and CF11 remote servers the same.  Same files will save/upload fine in Homesite.  Problem is in CFB3.

                                     

                                    With a page loaded from the server, if you right-click in the page, the "Save" option is grayed out.  If you are in a page and you click "File" in the top menu, the "Save" option is grayed out and the "Save As" option only lets you save locally.  There is nothing like the "Macromedia FTP and RDS" selection offered in Homesite.  These files will save/upload all day long in Homesite from the same machine here.

                                     

                                    It appears that CFB3 is not designed to let you send a file to a remote server through an RDS connection.

                                     

                                    Unbelievable.  -bg

                                    • 15. Re: "Peer not authenticated" with RDS configuration using SSL
                                      charlie@carehart.org Adobe Community Professional & MVP

                                      Bill, I don’t know what the problem is that you’re having now, but I have to say that you are overstating the case that “CFB is not designed to let you send a file to a remote server through an RDS connection”.

                                       

                                      If I open a file via RDS, and make changes to it, I absolutely CAN save that file back to the server via RDS. I just did it again to make sure I wasn’t somehow failed to notice such fundamental functionality not working. It does work.

                                       

                                      So whatever about this is not working for you (especially when you say for non-SSL connections, which is all that I am testing), again I can say that it is NOT an inherent limitation in CFB. It does work and should work for you.

                                       

                                      If that encouragement may lead you to dig further into what’s not working for you, or if you want some help with that, I’d love to hear back.

                                       

                                      If you may have decided this is the last straw and you’re going back to HS+, fair enough. Before you do, though, did you see my replay to A.S. yesterday, about FTP/SFTP support within Eclipse (which underlies CFB)? If you could get that working, perhaps that would be as suitable to your need to edit files remotely as would RDS.

                                       

                                      /charlie

                                      • 16. Re: "Peer not authenticated" with RDS configuration using SSL
                                        bgordon8684 Level 1

                                        Well, it's very encouraging to know that it is possible.  Now if I could only find out what it takes to get it working ("Save" not grayed out)...  Or what are the circumstances under which "Save" is grayed out after you load a file from a remote server using RDS.  I don't find anything helpful after spending a couple of hours asking Google in several different ways.

                                         

                                        Is there something in "Remote Server Settings" or "Mappings" or "Virtual Host Settings" that needs to be set up?  I would prefer not to use "Projects" and not to use FTP.  I'd like it to work just like HomeSite does.  Too bad there isn't a tech note somewhere on "How to make ColdFusion Builder 3 work like HomeSite".

                                         

                                        Thanks.  -bg

                                        • 17. Re: "Peer not authenticated" with RDS configuration using SSL
                                          a.s.webster Level 1

                                          I followed the instructions on the link for connecting via SSH to SFTP and then realized I needed to connect using FTP over SSL and have not had any luck in googling and connecting that scenario.  I am able to connect with Dreamweaver CC 2014 but have not tried 2015.  I too use Homesite+ and was hoping to use an IDE with updated CF support.

                                          • 18. Re: "Peer not authenticated" with RDS configuration using SSL
                                            charlie@carehart.org Adobe Community Professional & MVP

                                            Again, Bill, I’m saying that I can open a file from the server via RDS, and save it immediately after a change. There’s no graying out of the “Save” for me, so it’s sure seems something unique on your end...which may be why you “don't find anything helpful after spending a couple of hours asking Google in several different ways”. How about clarifying this: do you see anyone else saying they have that problem? I’ve honestly never heard of it myself, and I’m among the few people who still appreciate RDS and help people with CFB.

                                             

                                            As for projects, that’s another whole beast. Sadly (as we discussed on the call), you can’t use RDS-connected folders in a project. It’s too bad, then, because there are also many features in CFB which don’t work unless your files are in a folder within a project.

                                             

                                            As I also said on the call, sometimes this points out that you really would do better to have a local copy of CF (the developer edition, which is free), and run your code locally (which can involve pointing your local CF setup at a remote DB, if it’s not too secured to preclude that, though sometimes it would also be wise to have a local DB. And there are free versions of all the DB servers as well. I know, I know. A lot of developers don’t want to “go to all that trouble”, and fair enough. I’m just wanting to make sure you know of and consider the options, especially given your challenge.

                                             

                                            I can’t think of anything you can do that would change the “save” button. I would, however, think it possible that if we did some digging together, maybe looking more closely at some things you are (or are not) doing, or especially some diagnostics (like the communication from the client to the server), we may well find an explanation and solution. Your call if that would be worthwhile.

                                             

                                            As for your last comment, well, sadly no. Since HS was dropped by Adobe years ago, they did come up with some resources to help DW users make the transition, but neither they or anyone I know did any sort of article on transitioning from HS to CFB.

                                             

                                            /charlie

                                            • 19. Re: "Peer not authenticated" with RDS configuration using SSL
                                              charlie@carehart.org Adobe Community Professional & MVP

                                              Guys, if you can’t get CFB to work via FTP in a way you prefer, I hope you would consider that you could just do the FTP operations outside of CFB with another tool. Again, I realize it’s not optimal or preferred, but it is indeed possible and an option, and not too burdensome (I used to do that myself, in my years of working with CF Studio/HS, because such 3rd party FTP tools, like CureFTP, just did some parts of FTP processing a lot better than HS did.)

                                               

                                              Hope that’s helpful. I realize it’s not THE answer you seek.

                                               

                                              /charlie