Hello,
I want to automate the signing of my PDFs. I use the standard ColdFusion command:
<cfpdf action="sign" source="noSign.pdf" destination="Signed.pdf"
keystore="c:\coldfusion2016\jre\bin\myKeystore.jks" keystorepassword="changeit" keyalias="321"
overwrite="true" pages="1" height="100" width="200" position="280,210" author="false">
and I get the error: "keyalias 321 does not exist in the keystore."
When I list on the server with keytool -list -v -keystore myKeystore.jks, the alias really exists:
C:\ColdFusion2016\jre\bin>keytool -list -v -keystore myKeystore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: 321
Creation date: 23-mars-2018
Entry type: trustedCertEntry
.....
I imported this alias with: keytool -import -keystore myKeystore.jks -file 321.cer -alias 321
HELPPPPPPP !!!!
Thx in advance
You must make sure first that CF is using the keystore you are checking and writing to. It may not be.
Look in the "Java and Jvm" page of the CF admin for the Java virtual machine path field, or see the java.home value in CF's jvm.config file (or have someone with access to those tell you).
There are many reasons folks may update the JVM that CF uses. If they do, any such certs needed must be installed/reinstalled into the NEW JVM's keystore.
Let us know if that's it. There are still other easy mistakes one can make in trying to import certs.
Hi,
I have created a test self-signed certificate and converted it to both .pfx and .jks and it seems to be working fine.
PFX example
<cfpdf action="sign"
source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"
destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign.pdf"
keystore="C:\openssl\bin\ca.pfx" keystorepassword="changeit"
overwrite="true" pages="1" height="100"
width="100" position="100,100" author="false"
/>
JKS Example
<cfpdf action="sign"
source="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo.pdf"
destination="C:\ColdFusion2016\cfusion\wwwroot\bob1\demo_sign_jks.pdf"
keystore="C:\openssl\bin\cert\ca.jks" keystorepassword="changeit"
overwrite="true" pages="1" height="100"
width="100" position="100,100" author="false"
/>
Can you please remove the 'keyalias' from your code? Also, as Charlie mentioned, you also have to check your JVM and which JDK it is pointing to (external/internal). Maybe you have imported the certificate in the internal keystore and you might be using the internal JDK in ColdFusion, or vice versa.
Thanks,
Priyank Shrivastava
I didn't update the JVM. It's a clean standard installation of CF2016.
If I look in c:\coldfusion2016\cfusion\bin and open the jvm.config, I get
java.home=C:\\ColdFusion2016\\jre
The keytool.exe + myKeystore.jks + 321.CER are all in the same directory C:\\ColdFusion2016\\jre\bin
When I open the CF admin and go to the Java and JVM part, these are the settings:
C:\ColdFusion2016\jre
c:\DATA\SOFTWARE\ORA12\lib
-server -XX:MaxMetaspaceSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Djava.util.logging.config.file={application.home}/lib/logging.properties
priyanks97293812,
I see that you use C:\openssl.
What I've done: I exported my certificate from my official identity card (Belgium) and saved it to a .CER file, then I copied this .CER to c:\coldfusion2016\jre\bin and imported my own .CER with keytool:
keytool -import -keystore myKeystore.jks -file 321.cer -alias 321
I didn't use openssl.
Must I always use openssl?
Hi,
It is not mandatory to use OpenSSL; I am using it for myself. You can use keytool to generate the certificate.
Would it be possible for you to generate a self-signed certificate and try it, so that we can isolate the issue with the certificate?
Thanks,
Priyank
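
Added example, not part of any post in this thread: signing requires a private key, while importing a .cer file with keytool -import creates a trustedCertEntry that holds only the certificate, as the listing in the first post shows. This Python sketch parses keytool -list -v output and reports whether an alias can be used to sign; the "signer" alias, the sample listing's second entry and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the listing from the first post plus a hypothetical
# second alias ("signer") that holds a private key, for comparison.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: 321
Creation date: 23-mars-2018
Entry type: trustedCertEntry

Alias name: signer
Creation date: 23-mars-2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
"""

def parse_entries(listing):
    """Map each alias in `keytool -list -v` output to its entry type.
    Assumes the English labels shown in the post."""
    entries, alias = {}, None
    for line in listing.splitlines():
        m = re.match(r"\s*Alias name:\s*(.+?)\s*$", line)
        if m:
            alias = m.group(1)
            entries[alias] = None  # entry type not seen yet
            continue
        m = re.match(r"\s*Entry type:\s*(\S+)", line)
        if m and alias is not None:
            entries[alias] = m.group(1)
    return entries

def check_signing_alias(listing, alias):
    """Return (usable, reason): can this alias produce a signature?"""
    entries = parse_entries(listing)
    if alias not in entries:
        return False, "alias not present in this keystore"
    if entries[alias] == "PrivateKeyEntry":
        return True, "entry holds a private key and certificate chain"
    return False, f"entry type is {entries[alias]}: no private key to sign with"

if __name__ == "__main__":
    for name in ("321", "signer", "missing"):
        print(name, check_signing_alias(SAMPLE_LISTING, name))
```

To check a real keystore, pass the captured text of keytool -list -v -keystore myKeystore.jks to check_signing_alias in place of the sample.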