3 Replies Latest reply on Nov 19, 2008 4:20 AM by vootmon

    Web services and client certificates

      Is there a way to invoke a web service that sits on a web server that requires client certificate authentication. Like in Coldfusion 8 you can pass the client cert along with the cfhttp call. We're running into the problem of calling the page that invokes the web service, then the invoke fails because that's a call to a URL that is protected. Anyone know how to do this, or a good work around?
      Any help is appreciated.
        • 1. Re: Web services and client certificates
          jim1234 Level 1
          Have you installed the client cert into the certificate store? To install it in the ColdFusion certificate store, you use the java tool which is in jre/bin and it's called keytool. You can look up examples on the web.

          I'm no expert, but the idea is when the web service you are trying to call challenges your web server, your web service should be able to find the key in the certificate store.

          • 2. Re: Web services and client certificates
            vootmon Level 1
            Thanks for the reply! I'm no expert either, that's why I'm here!

            Yes, the certificate for the server is loaded. I'm doing this all on one machine, so I just loaded it's own server certificate into the trust store. The problem is the server is protected by client authentication via certificates. I guess I'm relating this to a regular request, where if you have a server that requires certificates, you can pass along the cert in an CFHTTP call with clientCert parameter. Here we are calling a page that invokes the web service which is really another request. This is where the issue is, since I don't see how to send along the certificate information in the invoke call.
            Thanks for the help!
            • 3. Re: Web services and client certificates
              vootmon Level 1
              Hoping someone that knows anything about this would be willing to comment...