you don;t by any chance have a blank password/no password on the pfx file do you ?
On Thu, Jul 25, 2013 at 9:24 PM, Mark A Kruger <mkru...@cfwebtools.com>wrote: > > Jeff, > > What JVM version are you using on CF9 and what do the args look like? > Sometimes it's a matter of the handshake and levels of TLS/SSL - the error > may be not specific enough to tell. You can enable logging to get a grip on > it though. That would tell you more. > > -Mark > > > -----Original Message----- > From: Jeff Garza [mailto:j...@garzasixpack.com] > Sent: Thursday, July 25, 2013 12:25 PM > To: cf-talk > Subject: issue with cfhttp and client certificates > > > Ok, so here's the issue. A process that was working just fine on CF9 is > now broken on CF10. We have a service that we call that requires us to > submit a client certificate to the server. In CF9, this worked just fine. > Use the clientcert and clientcertpass attributes of CFHTTP and you're good > to go. It reads the .pfx file fine and everything runs... This is not a > cacerts issue as you do not have to have the key in the keystore to use > it. > Forward to CF10, the exact same code and certificates now gives the error: > > "Error while trying to get the SSL client certificate: > java.security.UnrecoverableKeyException: Could not decrypt key: Could not > decode key from BER. (Invalid encoding: expected tag not there. )." > It's like it's unable to open the .pfx certificate file. > I know this is a long shot since there are not many folks out there using > client certs, but has anyone else run across this issue? > Thanks, > Jeff Garza > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356320 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
