October 5, 2013
Answered

SSL problem when running Apache httpclient in Jrun and not in stand-alone Java


We are using the Apache httpclient 4.1.2 to post to an external server, using SSL. The post works fine when running it from the Java JRE, but when the code runs under a JRun/ColdFusion instance that uses the same Java JRE, the error message returned is:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

      at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)

      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)

.......

When debugging the connect using the -Djavax.net.debug=all setting, the error message shown internally is:

java.lang.RuntimeException: Could not generate secret

Is there some weird ColdFusion setting we need to undo to make this work? We installed the cert from the other server in the /jre/lib/security/cacerts file but that did not make a difference. Why does stand-alone Java work and not JRun?

The JDK version is 1.6.0_24-b07

ColdFusion: 9,0,1,274733

October 7, 2013

Problem is solved. Doing a class loading analysis with the Java option -verbose:class, we could see that in the ColdFusion case it was loading from the ../WEB-INF/lib/jsafeJCEFIPS.jar of the CF instance for key encryption and that was not the same as in the stand-alone case. So we got rid of that JAR and that made the SSL communication work properly.

Running a mix of J2EE and ColdFusion on the same instance has its challenges...
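
The class-loading comparison described in the reply above, as an added example that is not part of the original thread: it parses two -verbose:class logs (one from the stand-alone run, one from the container) and reports JARs seen in only one run and classes loaded from different locations. The log contents, the paths and the class name example.vendor.JceProvider are constructed for illustration.

```python
import re

# HotSpot -verbose:class prints one line per class: [Loaded <class> from <source>]
LOADED = re.compile(r"^\[Loaded (\S+) from (.+)\]$")

def class_origins(log_text):
    """Map class name -> source (JAR path or URL) it was first loaded from."""
    origins = {}
    for line in log_text.splitlines():
        m = LOADED.match(line.strip())
        if m:  # "[Opened ...]" lines and other JVM output are skipped
            origins.setdefault(m.group(1), m.group(2))
    return origins

def compare_runs(standalone_log, container_log):
    """Return (moved, only_container, only_standalone): classes whose source
    differs between runs, and source -> classes for sources seen in one run."""
    a, b = class_origins(standalone_log), class_origins(container_log)
    moved = {c: (a[c], b[c]) for c in sorted(a.keys() & b.keys()) if a[c] != b[c]}

    def exclusive(mine, theirs):
        seen = set(theirs.values())
        out = {}
        for cls, src in sorted(mine.items()):
            if src not in seen:
                out.setdefault(src, []).append(cls)
        return out

    return moved, exclusive(b, a), exclusive(a, b)

# Constructed sample logs (paths and example.vendor.JceProvider are hypothetical).
STANDALONE_LOG = """\
[Opened /opt/jdk/jre/lib/rt.jar]
[Loaded java.lang.Object from /opt/jdk/jre/lib/rt.jar]
[Loaded javax.crypto.Cipher from /opt/jdk/jre/lib/jce.jar]
[Loaded com.sun.crypto.provider.SunJCE from /opt/jdk/jre/lib/ext/sunjce_provider.jar]
[Loaded org.apache.http.conn.ssl.AbstractVerifier from file:/app/lib/httpclient-4.1.2.jar]
"""
CONTAINER_LOG = """\
[Loaded java.lang.Object from /opt/jdk/jre/lib/rt.jar]
[Loaded javax.crypto.Cipher from /opt/jdk/jre/lib/jce.jar]
[Loaded example.vendor.JceProvider from file:/srv/cf/WEB-INF/lib/jsafeJCEFIPS.jar]
[Loaded org.apache.http.conn.ssl.AbstractVerifier from file:/srv/cf/WEB-INF/lib/httpclient-4.1.2.jar]
"""

if __name__ == "__main__":
    labels = ("moved", "container only", "stand-alone only")
    for label, result in zip(labels, compare_runs(STANDALONE_LOG, CONTAINER_LOG)):
        print(label, result)
```

A crypto-related JAR that appears only in the container run, next to a JDK provider JAR that appears only in the stand-alone run, is the pattern this thread describes.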

October 14, 2013

Problem is not solved, since the /WEB-INF/lib/jsafeJCEFIPS.jar file is needed for ColdFusion servlets...

How to disable the RSA stuff for J2EE code running on the instance? Classpath sequence changes?

Joop Kaashoek (Author, Correct answer)
October 14, 2013

OK, the solution was simple: disable jsafe the proper way by adding the Java command-line property:

-Dcoldfusion.disablejsafe=true

Let's hope jsafe is not used for something vital...