HTTPS Webservices

Report · Jan 28, 2011

Im not familiar enough with webservices to understand this issue so Im hoping someone else can give me a hand. Im trying to consume a webservice that is available via an https URL and we are experiencing issues just getting connected to the wsdl. When I try to telnet server to server I get a Connect Failed error. So I had our SA open the firewall to our IP, but am still getting the same message. Is there anything else I need to do on our server in order to make this connection? Also, should I elect to have the SSL turned off while I am testing in our development environment? Does it make that much difference in what I can see during testing? I'd prefer to just leave it on since that is how it will operate in our production environment... Any advice is appreciated.

Report · Jan 28, 2011

If you're getting actual connection issues then it doesn't matter whether it's SSL or not, it's simply a connectivity issue between the CF box and the remote service.

Sounds like a firewall or routing issue, but it's certainly not something you'll be able to fix in your code. Are you sure port 443 is open out from your firewall *and* in to theirs?

Keep beating your sysadmin until it works

Report · Jan 28, 2011

Haha..okay, thats what I needed to hear, thank you for verifying my sanity. I will keep on him. Thanks!

Report · Jan 28, 2011

So, now the firewall changes have been made and now getting a different error. Seems like this is still a network issue.. Thoughts?

Report · Jan 28, 2011

No, this is probably a certificate verification issue. You'll probably have to install the remote server's certificate chain in your keystore.

http://www.google.com/search?q=coldfusion+java+keystore

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Report · Jan 31, 2011

Here is the stack trace for the error above. I am unfamiliar with how to read most of this, but I don't see that there is a "HandShake" error of any kind. Anyone see anything that would say this doesn't relate to a network and/or certificate issue?

coldfusion.tagext.net.HttpTag$HttpConnectionFailureException: Connection Failure: Status code unavailable at coldfusion.tagext.net.HttpTag.connHelper(HttpTag.java:1004) at coldfusion.tagext.net.HttpTag.doEndTag(HttpTag.java:1062) at cftest62ecfm238689358.runPage(C:\Inetpub\wwwroot\test6.cfm:57) at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:196) at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:370) at coldfusion.filter.CfincludeFilter.invoke(CfincludeFilter.java:65) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:279) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:48) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:86) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:70) at coldfusion.filter.BrowserDebugFilter.invoke(BrowserDebugFilter.java:74) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:46) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.CfmServlet.service(CfmServlet.java:175) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:89) at jrun.servlet.FilterChain.doFilter(FilterChain.java:86) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:42) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:46) at jrun.servlet.FilterChain.doFilter(FilterChain.java:94) at jrun.servlet.FilterChain.service(FilterChain.java:101) at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106) at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42) at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286) at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543) at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

Also, I am having trouble getting a copy of the certificate for the remote server from the SA. Is it a must to have the remote cert in our Keystore?

Report · Jan 31, 2011

My money is still on it being a certificate issue. To install the certificate, just visit the remote URL in a browser, and use that to save the certificate locally. Then, add it to your certificate store as described at the link I gave in the last email.

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Report · Mar 24, 2011

Sorry its taken so long to respond. Adding the certificate to the java key

store fixed my issues.

I used Mark Kruger's blog article for handling the specifics.

http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=8E44925A-B73D-E3AD-709D4E02FD6D4588

Thanks again for all the help.

Report · Jan 28, 2011

I'm not sure telnet will be a useful way to test connectivity for ports that require encrypted connections. I'd recommend that you just try using a browser (wget if you can only browse via a command line).

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Adobe Community

HTTPS Webservices

1 Correct answer