One of our CF developers recently noticed that when using CFHTTP against SSL sites they were sometimes getting "Connection Failure".
Turns out that CFMX being a Java application, SSL is implemented using the JSSE specification. The JVM runtime that CFMX ships with has approx. 128 CA certificates pre-registered in its trusted key store of "cacerts", so most commercial SSL sites canbe used with CFHTTP.
However, many sites within our organisation use certificates signed by our own root CA - which of course CFMX/JVM has no knowledge of. The solution is to use the keytool utility supplied in the Java SDK to import the CA cert into the trusted certificate store. This is all documented in an Adobe Technote and is well blogged on by Steven Erat - whose blog entry also has some useful links as well as some batch srcipts to save typing:-)
One other thing you really want to do is change the default certificate store (cacerts) password from its default value to something a little more secure!
Turns out that CFMX being a Java application, SSL is implemented using the JSSE specification. The JVM runtime that CFMX ships with has approx. 128 CA certificates pre-registered in its trusted key store of "cacerts", so most commercial SSL sites canbe used with CFHTTP.
However, many sites within our organisation use certificates signed by our own root CA - which of course CFMX/JVM has no knowledge of. The solution is to use the keytool utility supplied in the Java SDK to import the CA cert into the trusted certificate store. This is all documented in an Adobe Technote and is well blogged on by Steven Erat - whose blog entry also has some useful links as well as some batch srcipts to save typing:-)
One other thing you really want to do is change the default certificate store (cacerts) password from its default value to something a little more secure!
