Error Kickmaleerie

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, October 11, 2006

SSL and CFHTTP

Posted on 6:00 AM by Unknown
One of our CF developers recently noticed that when using CFHTTP against SSL sites they were sometimes getting "Connection Failure".

Turns out that CFMX being a Java application, SSL is implemented using the JSSE specification. The JVM runtime that CFMX ships with has approx. 128 CA certificates pre-registered in its trusted key store of "cacerts", so most commercial SSL sites canbe used with CFHTTP.

However, many sites within our organisation use certificates signed by our own root CA - which of course CFMX/JVM has no knowledge of. The solution is to use the keytool utility supplied in the Java SDK to import the CA cert into the trusted certificate store. This is all documented in an Adobe Technote and is well blogged on by Steven Erat - whose blog entry also has some useful links as well as some batch srcipts to save typing:-)

One other thing you really want to do is change the default certificate store (cacerts) password from its default value to something a little more secure!
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Dell iDRAC6 Virtual Media Detached error
    See the solution to this error here: http://www.it-book.co.uk/771/error-attaching-iso-in-idrac-%E2%80%93-virtual-media-is-detached
  • more getting the SMS message
    Following my recent " getting the message - too late " post about my employer's evident inability to "get" SMS as a ...
  • Find SQL Servers on your Network
    Very useful script.
  • Java Service Wrapper
    Over the past few months I have been using the very excellent eXist XML database available under the GNU LGPL on a project to store and qu...
  • Changes, changes
    Having reached 60 in pretty decent shape I decided to retire and did so on the 29th July. There will be fewer technical issues blogged as I ...
  • ARPs and NIC Teaming
    Background: A NIC Team is known by a single MAC address to clients in the network. This MAC address is only used as the source MAC address...
  • beyond marks on paper
    Ted Nelson's concept of hypertext predates the web, so it was interesting to get a request this morning from an academic colleague to ...
  • been away a while
    Work and my starting an Open University course ( M358 ) have kept me away for a while. But I'm happy to report having stumbled across t...
  • SQL Server 2000 backuphistory quirk
    We came across this recently when we tried to delete a database and found that the server was churning away for hours at > 50% on each CP...
  • an idiot a day helps you ...
    I've spent one of those difficult weeks in which nothing goes according to plan and you also choose (big mistake) to attempt a rational ...

Categories

  • logs
  • sawmill
  • w3c

Blog Archive

  • ►  2011 (9)
    • ►  October (1)
    • ►  August (2)
    • ►  July (1)
    • ►  June (2)
    • ►  May (2)
    • ►  April (1)
  • ►  2010 (8)
    • ►  December (1)
    • ►  November (1)
    • ►  August (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (1)
    • ►  January (2)
  • ►  2009 (5)
    • ►  July (1)
    • ►  May (2)
    • ►  April (1)
    • ►  January (1)
  • ►  2008 (5)
    • ►  December (1)
    • ►  September (1)
    • ►  August (1)
    • ►  July (1)
    • ►  February (1)
  • ►  2007 (11)
    • ►  November (1)
    • ►  October (1)
    • ►  August (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (2)
    • ►  February (1)
    • ►  January (1)
  • ▼  2006 (15)
    • ►  December (1)
    • ►  November (3)
    • ▼  October (1)
      • SSL and CFHTTP
    • ►  September (2)
    • ►  August (1)
    • ►  July (4)
    • ►  June (1)
    • ►  March (2)
  • ►  2005 (25)
    • ►  October (1)
    • ►  September (2)
    • ►  August (9)
    • ►  July (1)
    • ►  May (1)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (5)
  • ►  2004 (16)
    • ►  December (6)
    • ►  November (10)
Powered by Blogger.

About Me

Unknown
View my complete profile