Connection Failure in CFHTTP due to SSL cert. upgrade?

Report · Apr 12, 2011

Been using Worldpay for years to send credit card charges in using cfthttp.

Suddenly, two weeks ago, Worldpay server produced a connection failure. Told by them to update the URL to something different.New.

Did that, and it worked again ... 5 days later it stopped working again, same error.

This time they (Worldpay) blame it on a firewall issue at our ISP ... rubbish. Had firewall disabled temporarily. But WPay admit they have updated their SSL certificates.

We find that while ColdFusion sends URL and gets connection failure, when we use the same URL in a BROWSER on any server in our ISP or anywhere else globally, it works ... we get a "proper" error message from their server (invalid account) but not a connection failure.

So "drastic" is this failure, that when we add parameters timeout="5" and throwonerror="Yes" to the CFHTTP routine (should be there anyway, I know) we get a CF error ..

Connection Failure: Status code unavailable.

Environment:

Windows: 2000 Advanced Server .. NO comemnts please on client upgrade path! It works.

IIS: 6?

CF: 8

But we have tested this on 3 different servers ... running CF 7 also and other Win O/S.

Is there somewhere in the CF7, CF8 admin panel where we do something to update the SSL certificate for this vendor?

We ran wireshark on the server to see if perhaps CF had been corrupting the http URL string and that Worldpay would work before but now is less tolerant of a "corrupt" string but it looks fine.

Report · Apr 12, 2011

To add a cert to ColdFusion you must add it to the underlying JRE. Instructions can be found here:

http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

Report · Apr 12, 2011

Thank you for your seemingly "right on the money" reply.

I have acquired the requisite certs from Worldpay ... dumped them in the appropriate folder, and they have a .txt extension.

Never used the keytool utility before ... so, to ADD these two (primary and secondary) certs to the "library", whaty command line parameters do I need to use given the certs are named verysign_worldpay_1.txt and ????_2.txt

Tried to follow your example but got a wee bit lost.

Many thanks.

Report · Apr 13, 2011

Ok, I downloaded the latest JRM from Sun ... then installed it on a non production server ... in that URL they tell you to " I then configured ColdFusion MX to run on this new JVM, and tried again." ...

In my Jrun config screen I see nowhere where you can tell it to load a certain version of JRUN,

Is it in the Java virtual machine path? In which case, which path am I looking for? I see in Settings summary Java Version 1.6 0_04, which seems even newer than the one mentioned in the article. I also rebooted the server. When I run the command line parm for keytool I still get the error message.

Report · Apr 14, 2011

I dunno about on a JRun config screen, but it's in your jvm.config file. The java.home value.

--

Adam

Report · Apr 14, 2011

What is?

I opened that file and find ...where i there am I supposed to find a JRM version number?

#
# VM configuration
#
# Where to find JVM, if {java.home}/jre exists then that JVM is used
# if not then it must be the path to the JRE itself
java.home=C:/ColdFusion8/runtime/jre
#
# If no java.home is specified a VM is located by looking in these places in this
# order:
#
# 1) bin directory for java.dll (windows) or lib/<ARCH>/libjava.so (unix)
# 2) ../jre
# 3) registry (windows only)
# 4) JAVA_HOME env var plus jre (ie $JAVA_HOME/jre)
#

# Arguments to VM
java.args=-server -Xmx512m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=192m -XX:+UseParallelGC -Dcoldfusion.rootDir={application.home}/../ -Dcoldfusion.classPath={application.home}/../lib/updates,{application.home}/../lib,{application.home}/../gateway/lib/,{application.home}/../wwwroot/WEB-INF/flex/jars,{application.home}/../wwwroot/WEB-INF/cfform/jars -Dcoldfusion.libPath={application.home}/../lib

#
# commas will be converted to platform specific separator and the result will be passed
# as -Djava.ext.dirs= to the VM
java.ext.dirs={jre.home}/lib/ext

#
# where to find shared libraries
java.library.path={application.home}/../lib,{application.home}/../jintegra/bin,{application.home}/../jintegra/bin/international
system.path.first=false

#
# set the current working directory - useful for Windows to control
# the default search path used when loading DLLs since it comes
# before system directory, windows directory and PATH
java.user.dir={application.home}/../../lib

# JVM classpath
java.class.path={application.home}/servers/lib,{application.home}/../lib/macromedia_drivers.jar,{application.home}/lib/cfmx_mbean.jar,{application.home}/lib

Report · Apr 14, 2011

>> In my Jrun config screen I see nowhere where you can tell it to load a certain version of JRUN,

> I dunno about on a JRun config screen, but it's in your jvm.config file. The java.home value.

So... by default, it probably loads something like C:\JRun4\jre. To check which version that is, run java -version from the C:\JRun4\jre\bin dir.

And to change your JRun config to run a DIFFERENT JVM, change the java.home value in jvm.config to point to the other JVM's JRE dir.

NB: if you're running CF Standard, the JRE dir will be somewhere else... I'm not sure where as I never run a standard install. It might be something like C:\CFusion\runtime or something like that. You might have to google.

--

Adam

Report · Apr 14, 2011

Thanks for your replies ...

But they apply to ColdFusion ENTERPRISE with multi server ... we are single server standard.

SO started a support ticket with Adobe ...

Cheers

R

Report · Apr 14, 2011

Yeah, but it still all runs on JRun, and the architecture is the same except for which directories various files go in.

I kinda did point that out.

--

Adam