Skip to main content
manass10781009
manass10781009
New Participant
October 18, 2017
Question

After migration from http to https, all the scheduled tasks stopped running. But URL runs in browser successfully

  • October 18, 2017
  • 4 replies
  • 3633 views

I am using Cold Fusion MX7 on one of many application.

After the migration from http to https, all the scheduled tasks shows below error while executing from scheduled task in cf administrator :

There was an error running your scheduled Task, Reason for which scheduled tasks might fail include:

>The URL is a redirection URL

>The URL is protected by IIS NT Challenge/Response or Apache .htaccess password. The Username and Password text fields for editing a scheduled task are intended to support Basic Authentication Only.

>The Domain Name lookup failed. Try using the IP address of the domain whenever possible.

> The URL is a n SSL site, but the SSL port was specified incorrectly.

>The web site is not responding.

>The directory specified for published results does not exists.

Below are the observations against above error points.

*The URL saved in scheduled tasks have https protocols- hence its not a redirection URL.

*The URL does not asks for any authentication.

*Domain name is correct as its been used since years.

*the ssl port is 443 and the website was responding

* No directory is specified to publish result. As when its specified, and the task is run from CF-ADMIN, it shows scheduled task run successfully. However the published output file says- "connection failure" and nothing runs in actual.

However when the same URL is executed in browser, there is no error and the whole task run smoothly.

Can any one help ?

    This topic has been closed for replies.

    4 replies

    R
    richardf99240577
    New Participant
    November 23, 2017

    Thank you Carl, This issue persists in CF11. YES, I would fully expect a company to update their code base to support https with a core function. 

    Charlie Arehart
    Charlie Arehart
    Community Expert
    November 25, 2017

    Richard, this is your first mention of cf11 in this thread. Are you saying you have now installed CF11 (on the same machine or perhaps another) and run your scheduled task calling an https url and it's still failing?

    If so, there's still one possible explanation for your ongoing challenge: CF11 (the original installer) came with Java 1.7 (Java 7). And as Carl mentioned, the SSL/TLS problem may go away for you with CF running Java 8, as some SSL/TLS issues have to do with a failure of Java 7 to support the needed specific protocol, or may be due to certificates. (And your browser tests may work because the browser is updated whereas the Java within CF11 was not.)

    The good news is that it's pretty easy to get and install a Java 8 JDK and update CF to point to it. And Adobe have blogged how to do it at various times in CF's history, as have others  FWIW, I've done a post on resolving common problems when TRYING to update the jvm that CF uses, which you may want to have in your pocket if/when you may try it, if this is your issue.

    And if it is your issue and the solution, then before you may decry Adobe "forcing you" to do deal with this need to update to Java 8, note that later CF11 installers and of course CF2016 DO come out of the box with Java 8. So while you may be of the opinion that Adobe has left you in this situation, it really seems just a series of unfortunate events for you.

    You have some senior CF people here trying to help. If you work with us we'll work with you to try to get this resolved for you.

    /Charlie (troubleshooter, carehart. org)
    pete_freitag
    pete_freitag
    Participating Frequently
    November 27, 2017

    I will add to Charlie's suggestion of updating the JVM to Java 8 - that should be the first thing to try when you cannot connect to a HTTPS url. The gut reaction of many is to import the cert into the keystore, while this may fix the problem in some cases you will find updating the JVM is a better long term solution. The list of trusted certificate root authorities change throughout the years so new certificates are added from time to time, updating the JVM is an easy way to fix this. Some root certificates are also revoked from trust due to various issues so if you do not update the JVM you may be trusted certificates that you should not.

    I will add a second thing to check which I see a lot - many sites have not configured the intermediate certificates properly. You can use a site like this to check: What's My Chain Cert?

    R
    richardf99240577
    New Participant
    November 21, 2017

    This is not an option for the environment I am developing in. I just question Adobe's commitment to something so simple

    Carl Von Stetten
    Carl Von Stetten
    Brainiac
    November 21, 2017

    Do you really expect any company to go back 5 versions of software (CF7 has been out of support for at least 8 years, and was actually a MacroMedia product before Adobe bought MacroMedia) and incorporate 10 years of updates/patches so it will run on current versions of operating systems and Java (because you'd need to be able to use at least Java 7 (1.7) to support all the newer SSL/TLS standards)?  That's completely unrealistic.  Do you expect Microsoft to keep updating Office 97 or Windows 95?

    I understand the frustration if you're being forced to continue maintaining a CF7 installation - but the frustration should be directed at those in your company/organization who won't keep software up-to-date, not the company who has updated their products to support current standards and security.

    D
    Dave Watts
    Community Expert
    November 21, 2017

    If you don't want to upgrade, or mess around with your Java keystore, there is a simple alternative. Since you control the web server, simply create a listener on your web server that doesn't use HTTPS, and make it only listen on localhost.

    Dave Watts, Eidolon LLC
    H
    haxtbh
    Inspiring
    October 18, 2017

    This is normally due to CF not being able to process the SSL certificate on the HTTPS request.

    Normally you add the SSL certificate to the java cert store to get it working - Import certificates to Adobe ColdFusion's truststore

    Using CF 7 though, this may or may not be possible.

    Is this request to a url on your local server or a remote request to another site?

      manass10781009
      manass10781009Author
      New Participant
      October 18, 2017

      Thanks for your response haxtbh !

      I would try doing the import certificate. When you doubt on this , does MX7 not compatible to this process of certificate import ?

      This request is to a remote server where the site is hosted.

      Carl Von Stetten
      Carl Von Stetten
      Brainiac
      October 18, 2017

      Depending on where your certificates originate from (well-known provider vs. self-signed), this may or may not be possible.  Also, current versions of the Java JVM/JDK include updated cacerts trusted providers - but older versions of Java (such as the versions MX7 is compatible with) are likely to be missing many trusted providers.  You really need to consider moving to currently-supported and patched versions of ColdFusion (ideally CF 2016) and Java (Java 8) to protect against numerous security vulnerabilities.  If you can't afford to upgrade your ColdFusion licenses, then at least consider switching to the current release of the open-source Lucee CFML engine.

        Terms & ConditionsAccessibility statement
        Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices