Skip to main content
ilssac
ilssac
Inspiring
January 6, 2011
Question

ColdFusion and SSL is giving me a headache.

  • January 6, 2011
  • 2 replies
  • 885 views

I have this simple piece of test code.

<cfhttp url="https://10.104.106.113/index.html" port="4433">
<cfdump var="#cfhttp#">

As you can see I am just trying to make a simple http request over SSL to another web server.  I just want to confirm connectedness at this time.  Real coding will come later.

I am getting the dreaded peer not authorized error.

ErrorDetail I/O Exception: peer not authenticated

I understand that this usually means that one need to import a security certificate in the java cacerts keystore.  But I did that some time ago, and there are other applications running that I beleive are using this connections, or at least did in times past.

Running this command on the server making the request I find the expected certificate in the keystore.

$ keytool -list -storepass changeit -noprompt -keystore ../lib/security/cacerts -alias winappdev01
winappdev01, Jun 22, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 0F:D5:BC:E0:AD:87:53:ED:C2:CD:2A:83:65:83:F3:DF

That is as far as I understand how to manage certificates.  I have no idea how to test that certificate or in anyway validate it.  Can anybody provide me some pointers on where to go from here?

This topic has been closed for replies.

2 replies

D
Community Expert
Dave WattsCommunity Expert
Community Expert
January 6, 2011

Certificates contain a name (host and domain name, typically) and this name is compared to the URL requested. If they don't match, the certificate will not be honored by the client.

You're requesting a URL using an IP address, not a name. This will not work from a client that requires the name to be valid.

Dave Watts, CTO, Fig Leaf Software

http://www.figleaf.com/

http://training.figleaf.com/

Dave Watts, Eidolon LLC
ilssac
ilssacAuthor
Inspiring
January 6, 2011

Actually, as one can see from the certificate shown by the browser in my second post, the common name IN the certificate IS the IP address.

And now, through no concious effort in my part, it is working properly.  The only thing I can think of, is that the self signed certificate on the IIS server had expired as it has been some time since we last played with it.  While stumbling around in the dark, I may have regenerated the certificate for some three years.

But I would really like to know more about managing these things so that I am not stumbling around in the dark!

ilssac
ilssacAuthor
Inspiring
January 6, 2011

More information.

I do not know why, but after I wrote the first message I was able to connect to the url in my browser.  This did not work before.

Looking at the information of the certificate in the browser the MD5 hashes seem to match.  Does that not mean the certifice is in the keystore?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices