Thank you all for replying, I feel I should apologize - I can't access gmail during the day at the moment :(
@Dale yes one of those would be nice, been trying for years. @Mark True. I don't know why I said browsers. Importing the certificate is not going to help in this case. Or at least I can't find a way to tell the keystore 'hey, this host, with this cert, is okay by me'. After some investigation, I found how the hostname validation is done and it is possible to implement your own hostname to certificate validator. Ref: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SettingHostnameVerifier I had great hopes for this utility class below; http://en.wikibooks.org/wiki/WebObjects/Web_Services/How_to_Trust_Any_SSL_Certificate It has exactly what I need: SSLUtilities.trustAllHostnames() I compiled this class and called it from CF but it had no effect. My guess is it's a classloader issue. I'm not quite giving up and I'll try again tomorrow. Perhaps someone more java-nerdy has some ideas? (Mandel I'm looking at you!). Maybe this could/should be done from CFML ... <cfhttp verifyHost="false" ... /> Cheers and thanks again. On 30 June 2010 11:26, Antony Sideropoulos <antonysideropou...@gmail.com>wrote: > Or you could do it directly within CF using this CFAdmin extension: > http://certman.riaforge.org/ > > On Wed, Jun 30, 2010 at 11:21 AM, Pat <p...@heypatty.com> wrote: > > http://jxplorer.org/ has a fairly nifty GUI for importing certificates > > into a truststore. > > > > I would think that CF would use the truststore of the JRE/JDK that it > > sits on. The truststore file that java uses is usually contained in a > > file called "cacerts". Open this up with JXplorer and you'll see a > > complete list of the trusted certs with the ability to add and delete. > > > > On Jun 30, 9:30 am, Barry Chesterman <barrychester...@gmail.com> > > wrote: > >> I could be wrong, but I seem to remember seeing something that you can > add a > >> certificate as a 'trusted cert' on the coldfusion server that is doing > the > >> cfhttp call, so maybe have a google for that too? > >> > >> On Wed, Jun 30, 2010 at 10:19 AM, Mark Mandel <mark.man...@gmail.com> > wrote: > >> > I think you're stuck with what Dale is saying, or use keytool to > import it > >> > into the JDK. > >> > >> > Putting an exception into browsers is pretty straight forward. > >> > >> > Mark > >> > >> > On Tue, Jun 29, 2010 at 7:26 PM, MrBuzzy <mrbu...@gmail.com> wrote: > >> > >> >> Dear Brains-trust, > >> > >> >> I'd like to make a CFHTTP request over SSL to one of our dev servers. > >> > >> >> The dev server has a normal SSL certificate, from a trusted root > >> >> authority. > >> > >> >> However the host name does not match the name registered to > >> >> the certificate (because it's a dev host). CFHTTP fails to make the > >> >> connection. > >> > >> >> Any thoughts on how to achieve this? > >> > >> >> While I haven't done much googling, I'm thinking about generating an > >> >> untrusted certificate and using this instead. > >> >> The downside being the certificate needs to be imported to each JVM > and > >> >> browser, as required. > >> > >> >> Cheers. > >> > >> >> -- > >> >> You received this message because you are subscribed to the Google > Groups > >> >> "cfaussie" group. > >> >> To post to this group, send email to cfaus...@googlegroups.com. > >> >> To unsubscribe from this group, send email to > >> >> cfaussie+unsubscr...@googlegroups.com<cfaussie%2bunsubscr...@googlegroups.com> > <cfaussie%2bunsubscr...@googlegroups.com<cfaussie%252bunsubscr...@googlegroups.com> > > > >> >> . > >> >> For more options, visit this group at > >> >>http://groups.google.com/group/cfaussie?hl=en. > >> > >> > -- > >> > E: mark.man...@gmail.com > >> > T:http://www.twitter.com/neurotic > >> > W:www.compoundtheory.com > >> > >> > cf.Objective(ANZ) - Nov 18, 19 - Melbourne Australia > >> >http://www.cfobjective.com.au > >> > >> > Hands-on ColdFusion ORM Training > >> >www.ColdFusionOrmTraining.com > >> > >> > -- > >> > You received this message because you are subscribed to the Google > Groups > >> > "cfaussie" group. > >> > To post to this group, send email to cfaus...@googlegroups.com. > >> > To unsubscribe from this group, send email to > >> > cfaussie+unsubscr...@googlegroups.com<cfaussie%2bunsubscr...@googlegroups.com> > <cfaussie%2bunsubscr...@googlegroups.com<cfaussie%252bunsubscr...@googlegroups.com> > > > >> > . > >> > For more options, visit this group at > >> >http://groups.google.com/group/cfaussie?hl=en. > > > > -- > > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > > To post to this group, send email to cfaus...@googlegroups.com. > > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com<cfaussie%2bunsubscr...@googlegroups.com> > . > > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To post to this group, send email to cfaus...@googlegroups.com. > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com<cfaussie%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. > > -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaus...@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
