Web services and client certificates

Report · Oct 31, 2008

Hello,
Is there a way to invoke a web service that sits on a web server that requires client certificate authentication. Like in Coldfusion 8 you can pass the client cert along with the cfhttp call. We're running into the problem of calling the page that invokes the web service, then the invoke fails because that's a call to a URL that is protected. Anyone know how to do this, or a good work around?
Any help is appreciated.

Report · Nov 03, 2008

Have you installed the client cert into the certificate store? To install it in the ColdFusion certificate store, you use the java tool which is in jre/bin and it's called keytool. You can look up examples on the web.

I'm no expert, but the idea is when the web service you are trying to call challenges your web server, your web service should be able to find the key in the certificate store.

Jim

Report · Nov 05, 2008

Thanks for the reply! I'm no expert either, that's why I'm here!

Yes, the certificate for the server is loaded. I'm doing this all on one machine, so I just loaded it's own server certificate into the trust store. The problem is the server is protected by client authentication via certificates. I guess I'm relating this to a regular request, where if you have a server that requires certificates, you can pass along the cert in an CFHTTP call with clientCert parameter. Here we are calling a page that invokes the web service which is really another request. This is where the issue is, since I don't see how to send along the certificate information in the invoke call.
Thanks for the help!

Report · Nov 19, 2008

Hoping someone that knows anything about this would be willing to comment...
Thanks.

Adobe Community

Web services and client certificates