3 Replies Latest reply on Jan 28, 2009 9:54 AM by DrewBlah

    Web service call with v3 client cert in CF8

    DrewBlah
      I'm trying to call an external web service which requires a v3 client certificate be installed on our end. Our code platform is CF8, which I understand supports v3 certs. I've imported the external party's client cert into the CF server's cert store (cacerts) via keytool, and confirmed it's there. I've restarted the CF server. How do I attach the certificate to the cfhttp call to the external web service? I figure I can use a cfhttpparam, but am not sure what type to use, and what the value should be. Thanks in advance.
        • 1. Re: Web service call with v3 client cert in CF8
          Level 7
          DrewBlah wrote:
          > I'm trying to call an external web service which requires a v3 client
          > certificate be installed on our end. Our code platform is CF8, which I
          > understand supports v3 certs. I've imported the external party's client cert
          > into the CF server's cert store (cacerts) via keytool, and confirmed it's
          > there.

          You should not import the client certificate, but the server certificate:
          http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool
          http://jochem.vandieten.net/2008/02/28/cfhttp-and-client-certificates/


          > I've restarted the CF server. How do I attach the certificate to the
          > cfhttp call to the external web service? I figure I can use a cfhttpparam, but
          > am not sure what type to use, and what the value should be. Thanks in advance.

          The certificate for the HTTP call should be on the filesystem in PKCS#12
          format. Then use the following code:

          <!--- PKCS#12 file passed to cfhttp as the client certificate, and its password --->
          <cfset variables.certificatePath = ExpandPath("certificate.pkcs") />
          <cfset variables.certificatePass = "fillOutYourOwnPassword" />
          <cfset variables.webserviceURL = "https://server/service" />

          <!--- SOAP request body --->
          <cfsavecontent variable="theSoap">
          <soapenv:Envelope
              xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:ns="https://server/service">
              <soapenv:Header/>
              <soapenv:Body>
                  <ns:GetXXX>
                      <xxx>YYY</xxx>
                  </ns:GetXXX>
              </soapenv:Body>
          </soapenv:Envelope>
          </cfsavecontent>

          <!--- clientCert and clientCertPassword attach the PKCS#12 file to the HTTPS call --->
          <cfhttp
              url = "#variables.webserviceURL#"
              clientCert = "#variables.certificatePath#"
              clientCertPassword = "#variables.certificatePass#"
              method = "get"
              port = "443"
          >
              <cfhttpparam type="header" name="Connection" value="Keep-Alive">
              <cfhttpparam type="header" name="SOAPAction" value="service">
              <cfhttpparam type="xml" value="#theSoap#">
          </cfhttp>

          <cfdump var="#XMLParse(cfhttp.filecontent)#">

          Jochem


          --
          Jochem van Dieten
          Adobe Community Expert for ColdFusion
          • 2. Re: Web service call with v3 client cert in CF8
            gdemaria Level 1
            Did this work? I was told by CF support that CF 8 does NOT support SSL v3. But we are having the same problem with SSL v2.

            There are many threads started on this topic, but none with a resolution. Has anyone ever gotten ColdFusion to consume a web service with HTTPS?
            • 3. Re: Web service call with v3 client cert in CF8
              DrewBlah Level 1
              Originally posted by: gdemaria
              > Did this work? I was told by CF support that CF 8 does NOT support SSL v3. But we are having the same problem with SSL v2.
              >
              > There are many threads started on this topic, but none with a resolution. Has anyone ever gotten ColdFusion to consume a web service with HTTPS?


              Yes, it did work, after a bit of trial and error. The critical thing was, as Jochem pointed out, to use the external party's server certificate, not the client cert. I guess CF8 needs both the public key and the private key. Once the external party hosting the web service (who needed the cert to be included in the call to them) had provided me with the server certificate in a ".pfx" format file, I was able to just save it onto the server in a folder and point CF8 to it via the CFHTTP clientCert and clientCertPassword attributes. I didn't need to do anything with the server's certificate store in the end. Works fine now. Best of luck with your endeavors.
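
A way to check the file before pointing cfhttp's clientCert at it, as an added example that is not part of the thread: it opens the PKCS#12 (.pfx) file with the JVM's java.security.KeyStore and reports, per entry, whether a private key is present and which X.509 version the certificate is. The function name inspectClientCertFile is hypothetical; the file name and password are the placeholders from the first reply.

```cfml
<!--- Added example (not from the thread). inspectClientCertFile is a hypothetical helper name. --->
<cffunction name="inspectClientCertFile" returntype="array" output="false">
    <cfargument name="path" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var entries = ArrayNew(1)>
    <cfset var entry = "">
    <cfset var alias = "">
    <cfset var aliases = "">
    <cfset var cert = "">
    <cfset var store = CreateObject("java", "java.security.KeyStore").getInstance("PKCS12")>
    <cfset var stream = CreateObject("java", "java.io.FileInputStream").init(arguments.path)>

    <!--- A wrong password or a file that is not PKCS#12 makes load() throw. --->
    <cftry>
        <cfset store.load(stream, arguments.password.toCharArray())>
        <cfset stream.close()>
        <cfcatch type="any">
            <cfset stream.close()>
            <cfrethrow>
        </cfcatch>
    </cftry>

    <cfset aliases = store.aliases()>
    <cfloop condition="aliases.hasMoreElements()">
        <cfset alias = aliases.nextElement()>
        <cfset entry = StructNew()>
        <cfset entry.alias = alias>
        <!--- Client authentication needs the private key; a certificate-only entry cannot sign the handshake. --->
        <cfset entry.hasPrivateKey = store.isKeyEntry(alias)>
        <!--- getCertificate() returns null for an entry without a certificate, which leaves cert undefined. --->
        <cfset cert = store.getCertificate(alias)>
        <cfif IsDefined("cert")>
            <cfset entry.x509Version = cert.getVersion()>
            <cfset entry.subject = cert.getSubjectX500Principal().getName()>
            <cfset entry.notAfter = cert.getNotAfter()>
        </cfif>
        <cfset ArrayAppend(entries, entry)>
    </cfloop>
    <cfreturn entries>
</cffunction>

<!--- File name and password are the placeholders used in the first reply. --->
<cfset report = inspectClientCertFile(ExpandPath("certificate.pkcs"), "fillOutYourOwnPassword")>
<cfdump var="#report#">
```

An entry with hasPrivateKey = NO holds only a certificate and cannot authenticate the client; such certificates belong in the trust store (cacerts), not in the file given to clientCert.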