Copy link to clipboard
Copied
Im not familiar enough with webservices to understand this issue so Im hoping someone else can give me a hand. Im trying to consume a webservice that is available via an https URL and we are experiencing issues just getting connected to the wsdl. When I try to telnet server to server I get a Connect Failed error. So I had our SA open the firewall to our IP, but am still getting the same message. Is there anything else I need to do on our server in order to make this connection? Also, should I elect to have the SSL turned off while I am testing in our development environment? Does it make that much difference in what I can see during testing? I'd prefer to just leave it on since that is how it will operate in our production environment... Any advice is appreciated.
My money is still on it being a certificate issue. To install the certificate, just visit the remote URL in a browser, and use that to save the certificate locally. Then, add it to your certificate store as described at the link I gave in the last email.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Copy link to clipboard
Copied
If you're getting actual connection issues then it doesn't matter whether it's SSL or not, it's simply a connectivity issue between the CF box and the remote service.
Sounds like a firewall or routing issue, but it's certainly not something you'll be able to fix in your code. Are you sure port 443 is open out from your firewall *and* in to theirs?
Keep beating your sysadmin until it works
Copy link to clipboard
Copied
Haha..okay, thats what I needed to hear, thank you for verifying my sanity. I will keep on him. Thanks!
Copy link to clipboard
Copied
So, now the firewall changes have been made and now getting a different error. Seems like this is still a network issue.. Thoughts?
Copy link to clipboard
Copied
No, this is probably a certificate verification issue. You'll probably have to install the remote server's certificate chain in your keystore.
http://www.google.com/search?q=coldfusion+java+keystore
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Copy link to clipboard
Copied
Here is the stack trace for the error above. I am unfamiliar with how to read most of this, but I don't see that there is a "HandShake" error of any kind. Anyone see anything that would say this doesn't relate to a network and/or certificate issue?
coldfusion.tagext.net.HttpTag$HttpConnectionFailureException: Connection Failure: Status code unavailable at coldfusion.tagext.net.HttpTag.connHelper(HttpTag.java:1004) at coldfusion.tagext.net.HttpTag.doEndTag(HttpTag.java:1062) at cftest62ecfm238689358.runPage(C:\Inetpub\wwwroot\test6.cfm:57) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:279) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Also, I am having trouble getting a copy of the certificate for the remote server from the SA. Is it a must to have the remote cert in our Keystore?
Copy link to clipboard
Copied
My money is still on it being a certificate issue. To install the certificate, just visit the remote URL in a browser, and use that to save the certificate locally. Then, add it to your certificate store as described at the link I gave in the last email.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Copy link to clipboard
Copied
Sorry its taken so long to respond. Adding the certificate to the java key
store fixed my issues.
I used Mark Kruger's blog article for handling the specifics.
http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=8E44925A-B73D-E3AD-709D4E02FD6D4588
Thanks again for all the help.
Copy link to clipboard
Copied
I'm not sure telnet will be a useful way to test connectivity for ports that require encrypted connections. I'd recommend that you just try using a browser (wget if you can only browse via a command line).
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/