• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

After migration from http to https, all the scheduled tasks stopped running. But URL runs in browser successfully

New Here ,
Oct 18, 2017 Oct 18, 2017

Copy link to clipboard

Copied

I am using Cold Fusion MX7 on one of many application.

After the migration from http to https, all the scheduled tasks shows below error while executing from scheduled task in cf administrator :

There was an error running your scheduled Task, Reason for which scheduled tasks might fail include:

>The URL is a redirection URL

>The URL is protected by IIS NT Challenge/Response or Apache .htaccess password. The Username and Password text fields for editing a scheduled task are intended to support Basic Authentication Only.

>The Domain Name lookup failed. Try using the IP address of the domain whenever possible.

> The URL is a n SSL site, but the SSL port was specified incorrectly.

>The web site is not responding.

>The directory specified for published results does not exists.

Below are the observations against above error points.

*The URL saved in scheduled tasks have https protocols- hence its not a redirection URL.

*The URL does not asks for any authentication.

*Domain name is correct as its been used since years.

*the ssl port is 443 and the website was responding

* No directory is specified to publish result. As when its specified, and the task is run from CF-ADMIN, it shows scheduled task run successfully. However the published output file says- "connection failure" and nothing runs in actual.

However when the same URL is executed in browser, there is no error and the whole task run smoothly.

Can any one help ?

Views

2.8K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Oct 18, 2017 Oct 18, 2017

Copy link to clipboard

Copied

This is normally due to CF not being able to process the SSL certificate on the HTTPS request.

Normally you add the SSL certificate to the java cert store to get it working - Import certificates to Adobe ColdFusion's truststore

Using CF 7 though, this may or may not be possible.

Is this request to a url on your local server or a remote request to another site?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 18, 2017 Oct 18, 2017

Copy link to clipboard

Copied

Thanks for your response haxtbh !

I would try doing the import certificate. When you doubt on this , does MX7 not compatible to this process of certificate import ?

This request is to a remote server where the site is hosted.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Oct 18, 2017 Oct 18, 2017

Copy link to clipboard

Copied

Depending on where your certificates originate from (well-known provider vs. self-signed), this may or may not be possible.  Also, current versions of the Java JVM/JDK include updated cacerts trusted providers - but older versions of Java (such as the versions MX7 is compatible with) are likely to be missing many trusted providers.  You really need to consider moving to currently-supported and patched versions of ColdFusion (ideally CF 2016) and Java (Java 8) to protect against numerous security vulnerabilities.  If you can't afford to upgrade your ColdFusion licenses, then at least consider switching to the current release of the open-source Lucee CFML engine.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 19, 2017 Nov 19, 2017

Copy link to clipboard

Copied

This type of answer is why people are not interested in CF any longer. Upgrade, thats the answer? You would think SSL is important to support? I am really beginning to hate ColdFusion.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 19, 2017 Nov 19, 2017

Copy link to clipboard

Copied

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Nov 20, 2017 Nov 20, 2017

Copy link to clipboard

Copied

I don't think that tone was necessary.  Technology is always advancing forward.  It is not reasonable to expect software that was written more than 10 years ago (CF7) and has not been receiving updates for almost that long to be able to support current standards (SSL/TLS1.2).  Same goes for the version of Java that CF7 ran on (Java 4 aka 1.4).   Do you still run Windows XP and expect all current versions of software to run on it, and for it to be secure?

And as I stated, if you can't afford to upgrade, there are open-source alternatives that are free of cost.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 20, 2017 Nov 20, 2017

Copy link to clipboard

Copied

Like Carl said, CF 7 is over ten years old. If you get angry when you have to upgrade it after getting ten years of use out of it, you have a pretty unrealistic view of computers. And on a side note, I think it's kind of funny you'd mention "SSL" considering that SSL is actually no longer a supported technology - it's long been replaced by TLS.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Oct 18, 2017 Oct 18, 2017

Copy link to clipboard

Copied

If it is a remote server you are doing the call to, there could be an issue with TLS / SSL.

Your CF7 most likely is not supporting TLS 1.0 and above (TLS 1.1 and above should be where its at)

The remote host could have disabled SSL 2/3 and TLS 1.0 for security reasons.

Realistically the only smart move is to do what Carl has mentioned and update

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 20, 2017 Nov 20, 2017

Copy link to clipboard

Copied

If you don't want to upgrade, or mess around with your Java keystore, there is a simple alternative. Since you control the web server, simply create a listener on your web server that doesn't use HTTPS, and make it only listen on localhost.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 21, 2017 Nov 21, 2017

Copy link to clipboard

Copied

This is not an option for the environment I am developing in. I just question Adobe's commitment to something so simple

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Nov 21, 2017 Nov 21, 2017

Copy link to clipboard

Copied

Do you really expect any company to go back 5 versions of software (CF7 has been out of support for at least 8 years, and was actually a MacroMedia product before Adobe bought MacroMedia) and incorporate 10 years of updates/patches so it will run on current versions of operating systems and Java (because you'd need to be able to use at least Java 7 (1.7) to support all the newer SSL/TLS standards)?  That's completely unrealistic.  Do you expect Microsoft to keep updating Office 97 or Windows 95?

I understand the frustration if you're being forced to continue maintaining a CF7 installation - but the frustration should be directed at those in your company/organization who won't keep software up-to-date, not the company who has updated their products to support current standards and security.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 22, 2017 Nov 22, 2017

Copy link to clipboard

Copied

Thank you Carl, This issue persists in CF11. YES, I would fully expect a company to update their code base to support https with a core function. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Nov 25, 2017 Nov 25, 2017

Copy link to clipboard

Copied

Richard, this is your first mention of cf11 in this thread. Are you saying you have now installed CF11 (on the same machine or perhaps another) and run your scheduled task calling an https url and it's still failing?

If so, there's still one possible explanation for your ongoing challenge: CF11 (the original installer) came with Java 1.7 (Java 7). And as Carl mentioned, the SSL/TLS problem may go away for you with CF running Java 8, as some SSL/TLS issues have to do with a failure of Java 7 to support the needed specific protocol, or may be due to certificates. (And your browser tests may work because the browser is updated whereas the Java within CF11 was not.)

The good news is that it's pretty easy to get and install a Java 8 JDK and update CF to point to it. And Adobe have blogged how to do it at various times in CF's history, as have others  FWIW, I've done a post on resolving common problems when TRYING to update the jvm that CF uses, which you may want to have in your pocket if/when you may try it, if this is your issue.

And if it is your issue and the solution, then before you may decry Adobe "forcing you" to do deal with this need to update to Java 8, note that later CF11 installers and of course CF2016 DO come out of the box with Java 8. So while you may be of the opinion that Adobe has left you in this situation, it really seems just a series of unfortunate events for you.

You have some senior CF people here trying to help. If you work with us we'll work with you to try to get this resolved for you.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Nov 27, 2017 Nov 27, 2017

Copy link to clipboard

Copied

LATEST

I will add to Charlie's suggestion of updating the JVM to Java 8 - that should be the first thing to try when you cannot connect to a HTTPS url. The gut reaction of many is to import the cert into the keystore, while this may fix the problem in some cases you will find updating the JVM is a better long term solution. The list of trusted certificate root authorities change throughout the years so new certificates are added from time to time, updating the JVM is an easy way to fix this. Some root certificates are also revoked from trust due to various issues so if you do not update the JVM you may be trusted certificates that you should not.

I will add a second thing to check which I see a lot - many sites have not configured the intermediate certificates properly. You can use a site like this to check: What's My Chain Cert?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation