Apologies, Justin is correct. I tested this on one of our CF 8 servers and the host file/IP manipulation worked as stated.
I'm so used to dealing with the * certificate issue, I wasn't aware this wasn't the case for the new certificates with the multiple names. FYI, I tried things out on CF 10, and it appears to accept these types of certificates without issue. Byron Mann Lead Engineer & Architect HostMySite.com On Thu, Jan 16, 2014 at 4:18 PM, Justin Scott <leviat...@darktech.org>wrote: > > > You will need to import the star (*) certificate into the keystore for > the > > java instance ColdFusion is running upon. > > > > Basically ColdFusion doesn't like to speak to *.domain.com certificates > (I > > think CF10 doesn't mind so much), as it is not an exact match to the URL > it > > is attempting to access. > > In this case it's not a wildcard certificate, it's a standard cert > using the "subject alternative names" extension which isn't supported > on Java 6. Importing the certificate into the Java keystore won't > help in this case because the primary name on the certificate doesn't > match the hostname being called. Java will only check against the > primary hostname and not the "alternative names" listed in the > certificate. Calling the primary hostname on the certificate and > using a hosts entry to override the DNS entry to direct it to the > right IP is the only workaround in this instance. > > > -Justin Scott > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357467 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm