Web service access error: javax.servlet.ServletException: https is forbidden

Report · Jun 17, 2013

We have Coldfusion 10 configured on an IIS web site using a GoDaddy provided SSL certificate. When we try to access a web service we receive a 500 error from the server. When we look at the application log we see the following record:

"Error","ajp-bio-8012-exec-2","06/17/13","14:20:19","SmartPriceAdmin","The web service operation caused an invocation exception.The root cause was that: javax.servlet.ServletException: https is forbidden The specific sequence of files included or processed is: C:\WebSites\Something\SMARTPriceServices.cfc'' "

C:\WebSites\Something\SMARTPriceServices.cfc is the location on the server where the actual web service file resides.

I'm not the sites developer but I'm trying to aid him in finding the issue. We've added the sites SSL certificate through the SSL Certificate Management feature of the Administrator and restarted the Coldfusion 10 Appllication Service but it had no effect. Any help would be very appreciated.

Report · Jun 17, 2013

Can you access a CFM inside the directory? It might be IIS configuration issue.

Report · Jun 18, 2013

Yes, I can. Also, when the SSL requirement is removed for the site it works as expected. The error suggests a specific issue with the java component and https. Unfortunately, I'm not a CF expert and the developer isn't familiar with the issue either.

Report · Jun 18, 2013

I'm almost certain that the issue is related to Web server configuration with SSL installed.

Try this and see if that works. In the CF Admin, there is a way to flush out generated CFC files.

Report · Jun 18, 2013

The SSL certificate is supplied by a GoDaddy and is installed correctly and the CF site is working using https. It's specific to the web service but the developer was able to get it to work by manually adding a record to Web Services using the http address. The same webservice is now working properly even when accessed using https so I'm not sure why that worked but I think we can move forward. Thank you for your time and suggestions. I do appreciate it.

Report · Jul 17, 2013

The issue is because by default Axis is set to only permit HTTP calls and not HTTPS. You have to update the ColdFusion10\cfusion\wwwroot\WEB-INF\Axis2.xml file to enable the HTTPS mode. I found Apache documentation on it here;

http://axis.apache.org/axis2/java/core/docs/servlet-transport.html

Using their documentation I changed it from this;

to this

</transportReceiver>

</transportReceiver>

I'm still testing though to see if this works correctly

Report · Jul 17, 2013

Hi,

Can you please check which Axis is selected in your ColdFusion Admin. If it is Axis 2, then try to add the transport receiver for HTTPS which Leith mentioned and restart the service. Also you can try with Axis 1.

Hope this helps.

Regards,

Priyank

Thanks,
Priyank Shrivastava

Report · Jul 17, 2013

Of note I had to change the port #'s to be 80 & 443 to match those of the websites running under IIS. When the ports didn't match the calls would fail.

Report · Apr 24, 2018

This fixed mine.

Adobe Community

Web service access error: javax.servlet.ServletException: https is forbidden