SSL Problems with JRE 1.7

Report · Jul 02, 2013

Hello, all. Wondering if anyone else out there has encountered a similar issue:

I have several ColdFusion applications that speaking to another CF application via SOAP (CreateObject('webservice'...)), and that is happening over SSL. The certificate is valid, is not self-signed, and is not expired. This connection works fine on servers that are using the 1.6x JRE, but on servers using 1.7x the connection fails with the following error:

Unable to read WSDL from: {address}

Error: javax.net.ssll.SSLPeerUnverififedException: peer not authenticated.

If we downgrade the JRE on those servers with the error it goes away and connects fine.

Thoughts?

Report · Jul 02, 2013

Hi Matt, Perhaps the SSL is not in the Java 7 keystore but is in the Java 6 keystore. Use keytool to add SSL to Java 7 then while CF is configured to Java 7 restart CF and retest.

EG:
CMD prompt
CD D:\Program Files\Java\1.7.0_nn\jre\bin>
keytool -importcert -storepass changeit -noprompt -alias friendly_name -keystore ../lib/security/cacerts -trustcacerts -file d:\temp\certificate_file.cer

HTH, Carl.