This content has been marked as final. Show 3 replies
Another important element:
the certificate .p12 is not a certificate trusted by a Certificate Authority like Verisign.
It is one that we generated at our side.
Is there maybe a specific configuration to do in this case in ColdFusion or in our machine (Windows 2003 Server)?
I am actually running into the same issue her eon my end with a p12 cert.. Have you found anything else? I get the same connection error as well. Here's my code.. I tried both sending garble to the service and actual soap messages.
clientCert = "c:\inetpub\wwwroot\adirondack3.p12"
clientCertPassword = "xxxxx"
<CFHTTPPARAM type="header" name="SOAPAction" value="">
<CFHTTPPARAM type="xml" value="#myXML#">
yes we went further. But this is not so easy.
Before an SSL connection can be established with CFHTTP to a server the certificate of that server needs to be imported as a trusted certificate in the ColdFusion truststore with the keytool command. The command to do so is:
keytool -import -trustcacerts -keystore cacerts -storepass <password> -noprompt -alias <alias> -file <certfile>
If you use another CA certificate authority, then you also have to import the CA into the ColdFusion truststore.
Before a client certificate can be used it needs to be in a specific format, pkcs. Of course this client certificate must contain the private key.
You also have to import the client certificate into the Windows Certificate Store (if you run under a windows desktop/server).
In your ColdFusion cfhttp tag, use this .pkcs certificate file.
Tell me if it works like this :)