Connection Failure: Status code unavailable

Community Beginner ,
Feb 17, 2017 Feb 17, 2017

Copy link to clipboard

Copied

We recently updated the JVM Arguments (highlighted in Red below) in ColdFusion 10.

-server -XX:MaxPermSize=192m -XX:+UseParallelGC -Xbatch -Dcoldfusion.home={application.home} -Dcoldfusion.rootDir={application.home} -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dhttps.protocols=TLSv1.2,TLSv1.1

Ever since this JVM configuration change was made our scheduled tasks in ColdFusion have stopped working.  I am still getting the Connection Failure: Status code unavailable error after updating the Key store.

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\su-jc01>cd c:\ColdFusion10\jre\lib\security

c:\ColdFusion10\jre\lib\security>dir c:\ColdFusion10\jre\bin\keytool.exe
Volume in drive C has no label.
Volume Serial Number is 3CCC-0D9D

Directory of c:\ColdFusion10\jre\bin

11/11/2014  04:42 PM            15,232 keytool.exe
               1 File(s)         15,232 bytes
               0 Dir(s)  15,286,296,576 bytes free

c:\ColdFusion10\jre\lib\security>c:\ColdFusion10\jre\bin\keytool.exe -import -ke
ystore cacerts -alias UniqueName -file ColdFusion_cert.cer
Enter keystore password:
Certificate was added to keystore

c:\ColdFusion10\jre\lib\security>

-------------------------------------------------------------------------------------------------------------------

C:\Program Files\Java\jdk1.8.0_91\jre\bin

-------------------------------------------------------------------------------------------------------------------

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\su-jc01>cd c:\Program Files\Java\jdk1.8.0_91\jre\bin

c:\Program Files\Java\jdk1.8.0_91\jre\bin>keytool.exe -import -keystore cacerts
-alias UniqueName -file ColdFusion_cert.cer
Enter keystore password:
Re-enter new password:
Owner: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCer
t Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert I
nc, C=US
Serial number: 4e1e7a4dc5cf2f36dc02b42b85d159f
Valid from: Tue Oct 22 07:00:00 CDT 2013 until: Sun Oct 22 07:00:00 CDT 2028
Certificate fingerprints:
         MD5:  AA:EE:5C:F8:B0:D8:59:6D:2E:0C:BE:67:42:1C:F7:DB
         SHA1: A0:31:C4:67:82:E6:E6:C6:62:C2:C8:7C:76:DA:9A:A6:2C:CA:BD:8E
         SHA256: 19:40:0B:E5:B7:A3:1F:B7:33:91:77:00:78:9D:2F:0A:24:71:C0:C9:D5:
06:C0:E5:04:C0:6C:16:D7:CB:17:C0
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
]
]

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B1 3E C3 69 03 F8 BF 47   01 D4 98 26 1A 08 02 EF  .>.i...G...&....
0010: 63 64 2B C3                                        cd+.
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://
www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
]

#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#7: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 51 68 FF 90 AF 02 07 75   3C CC D9 65 64 62 A2 12  Qh.....u<..edb..
0010: B8 59 72 3B                                        .Yr;
]
]

Trust this certificate? [no]:  y
Certificate was added to keystore

c:\Program Files\Java\jdk1.8.0_91\jre\bin>

Views

2.3K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct Answer

Adobe Community Professional , Feb 21, 2017 Feb 21, 2017
jc01txstate  wroteThe value of Java Home points to C:\Program Files\Java\jdk1.8.0_91\jre.
Then you should delete the JVM flag, -Dhttps.protocols=TLSv1.2,TLSv1.1. It is repetitive and unnecessary, as JDK1.8 can handle TLS 1.2 and TLS 1.1 by default.

Likes

Translate

Translate
Adobe Community Professional ,
Feb 19, 2017 Feb 19, 2017

Copy link to clipboard

Copied

First of all, let us get one thing out of the way. You refer to 2 separate installations of the Java Runtime Environment, c:\ColdFusion10\jre and c:\Program Files\Java\jdk1.8.0_91\jre. Which one does your ColdFusion installation use?

To put it another way. Open the ColdFusion Administrator. Click on the symbol (System Information) in the top right-hand corner. What is the value of Java Home?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Feb 20, 2017 Feb 20, 2017

Copy link to clipboard

Copied

The value of Java Home points to C:\Program Files\Java\jdk1.8.0_91\jre.  I am still unable to schedule a task successfully after installing the certificate from this directory.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Feb 21, 2017 Feb 21, 2017

Copy link to clipboard

Copied

Which update of CF 10 are you running?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Feb 21, 2017 Feb 21, 2017

Copy link to clipboard

Copied

LATEST

jc01txstate  wrote

The value of Java Home points to C:\Program Files\Java\jdk1.8.0_91\jre.

Then you should delete the JVM flag, -Dhttps.protocols=TLSv1.2,TLSv1.1. It is repetitive and unnecessary, as JDK1.8 can handle TLS 1.2 and TLS 1.1 by default.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines