Just to double check and a random idea - are you running this on the standard JVM that comes with CF or has it been upgraded to 1.6.20+?
Cheers
Kai

> Okay some more news... but it is still not working.
>
> When I try to delete a certificate from the Java KeyStore using the certman
> CFIDE extension it throws an error.
> Subsequently I have reverted to using the command line to do the KeyStore
> maintenance.
>
> Here is what I have done;
>
> Imported into the KeyStore the public key used to access our SSL secured
> website. (I.e the key we would issue to a client so that they could access
> the site.)
>
> in code this following line;
> <cfset remoteLoginService = createObject("component", "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl")>
>
> causes this error;
> Unable to read WSDL from URL:
> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error:
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>
> Now I don't know if this is the same thing or not, but I exported (via
> Firefox - by clicking on the padlock icon and choosing EXPORT) the
> certificate at the website.
> Imported THAT certificate in the Java KeyStore - get the same error as above.
>
> I then read on a blog - something about requiring the certificate used to
> sign the public key and since we signed the key ourselves I added that to the
> Java KeyStore too.
> But unfortunately - I still get the same error.
>
> The command line confirms that the certs are indeed in the KeyStore - as does
> the CertMan CFIDE extension.
> I have restarted the CF service after each certificate installation.
>
> It would "seem" I have done everything required - but it still doesn't work.
>
> And let me also say that if I place the exact same CFCs and calling code onto
> a non-SSL path - then the web service is consumed correctly - so am really
> confident it is not a CFML coding issue.
>
> If anyone has any ideas at all - I would be most appreciative - Of course -
> if I do get it working - I will let everyone know what I did.
>
> Gavin.
>
> On 05/08/2010, at 11:50 PM, MrBuzzy wrote:
>
>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never know.
>>
>> I guess you're back to the challenge of importing it correctly. Or there's
>> some other issue going on.
>>
>> Sent from my iPhone
>>
>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis <b...@palcare.com.au> wrote:
>>
>>> I don't get a cert warning in the browser because I have "that" cert and
>>> only that cert installed in the browser already.
>>>
>>> Our staging sites have all been configured to allow the same developer's
>>> client cert - thus one cert for all staging sites.
>>>
>>> Thus only having one cert installed means you don't even get the prompt for
>>> the cert it's just automatically applied by Firefox - after the first run
>>> of course...
>>>
>>> Well - at least that's what I am putting it (the working in the browser)
>>> down to anyway.
>>>
>>> As for the JVM that we're using - to be honest - I wouldn't have a clue...
>>> but since we're running CF9 - would it not be using whatever CF9 gets
>>> bundled with?
>>>
>>> Gavin.
>>>
>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote:
>>>
>>>> What I find interesting is your browser does not give any certificate
>>>> warnings when viewing the wsdl over https. That usually means you won't
>>>> need to import the certificate or issuing authority in to the JVM.
>>>>
>>>> Is it possible you are using any early-ish JVM, like version 1.4.2?
>>>> If you can, upgrade the CF JVM to the latest 1.6.x version. You will need
>>>> to modify jvm.config once you have installed the new JVM and give CF a
>>>> restart.
>>>>
>>>> On 5 August 2010 20:29, Gavin Beau Baumanis <b...@palcare.com.au> wrote:
>>>>
>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote:
>>>>
>>>> > Annoying isn't it :)
>>>> >
>>>> Yup sure is.
>>>>
>>>> > When you view the https wsdl in a browser what warnings (if any) do you
>>>> > get?
>>>> >
>>>> None.
>>>>
>>>> The WSDL looks identical to that produced when using a non-https URL.
>>>> Apart from the namespace addresses etc being different because of the
>>>> different URL
>>>>
>>>> > Also if you're going commando (command line hehe) just check that you
>>>> > are working on the same jvm or jdk that is specified in ColdFusion's
>>>> > jvm.config file.
>>>> >
>>>> Ahh righteo....
>>>> I didn't consider that.... but thanks.
>>>>
>>>> It still doesn't work though.... bummer....
>>>>
>>>> Anyone got anything further I could try?
>>>> Or is it simply a fact that importing the server cert into the java
>>>> keystore - should see it working?
>>>> And if that is the case - does the alias used when importing the cert,
>>>> matter any?
>>>>
>>>> Thanks again....
>>>>
>>>> > Sent from my iPhone
>>>> >
>>>> > On 05/08/2010, at 4:50 PM, Gavin Baumanis <beauecli...@gmail.com> wrote:
>>>> >
>>>> >> Hi Everyone,
>>>> >>
>>>> >> I have been trying to get this to work for the past few days and have
>>>> >> finally decided I should ask for some help.
>>>> >> I have a service that runs on a server using the https protocol.
>>>> >>
>>>> >> Subsequently - when I try to use that service I get the following error;
>>>> >> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error:
>>>> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>>> >>
>>>> >> All the items I read seemed to say that all I needed to do was to add
>>>> >> the certificate to java keystore.
>>>> >> Which have done using this;
>>>> >> http://certman.riaforge.org/
>>>> >>
>>>> >> I even tried using the command line - just in case there was some
>>>> >> "odd" issue with the Certificate Manager extension to CF Admin.
>>>> >>
>>>> >> But still no dice.
>>>> >>
>>>> >> I have added the server cert and also tried by adding in the client
>>>> >> cert too - but I still receive that error.
>>>> >> Interestingly enough - I can successfully see the WSDL via the browser
>>>> >> and https.
>>>> >>
>>>> >> If I place the code on a non-ssl connection - everything works as
>>>> >> expected - so I know that my CFCs/code etc is working correctly.
>>>> >>
>>>> >> If anyone has any ideas - I would be most appreciative.
>>>> >>
>>>> >> Gavin.
>>>> >>
>>>> >> --
>>>> >> You received this message because you are subscribed to the Google
>>>> >> Groups "cfaussie" group.
>>>> >> To post to this group, send email to cfaus...@googlegroups.com.
>>>> >> To unsubscribe from this group, send email to
>>>> >> cfaussie+unsubscr...@googlegroups.com.
>>>> >> For more options, visit this group at
>>>> >> http://groups.google.com/group/cfaussie?hl=en.

--
Kai Koenig - Ventego Creative Ltd
ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
web: http://www.ventego-creative.co.nz
blog: http://www.bloginblack.de
twitter: http://www.twitter.com/agentK
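
The check suggested in the thread (confirm that keytool was run against the JVM named in ColdFusion's jvm.config), as an added example that is not part of any poster's message. The sample jvm.config, its paths and the function names are constructed for illustration; the java.home/jre fallback and the jssecacerts and javax.net.ssl.trustStore precedence are standard JVM behaviour, not something stated in the thread.

```python
"""Which truststore does the ColdFusion JVM read? (added example, constructed paths)"""
import re
from pathlib import Path

def parse_jvm_config(text):
    """Return (java.home, java.args) from the text of a jvm.config file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props.get("java.home", ""), props.get("java.args", "")

def effective_truststore(java_home, java_args):
    """Path of the file JSSE uses for server-certificate trust decisions."""
    override = re.search(r"-Djavax\.net\.ssl\.trustStore=(\S+)", java_args)
    if override:                      # an explicit setting wins over the defaults
        return Path(override.group(1))
    home = Path(java_home)
    if (home / "jre").is_dir():       # java.home is a JDK root: the runtime is in jre/
        home = home / "jre"
    security = home / "lib" / "security"
    jsse = security / "jssecacerts"   # when present it is read instead of cacerts
    return jsse if jsse.is_file() else security / "cacerts"

def same_store(jvm_config_text, keytool_keystore):
    """(True/False, store): is keytool's -keystore the file the CF JVM reads?"""
    store = effective_truststore(*parse_jvm_config(jvm_config_text))
    return store.resolve() == Path(keytool_keystore).resolve(), store

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# VM configuration
java.home=/opt/coldfusion9/runtime/jre
java.args=-server -Xmx512m -Dsun.io.useCanonCaches=false
"""

if __name__ == "__main__":
    # Constructed case: keytool was pointed at a different, system-wide JRE.
    ok, store = same_store(SAMPLE, "/usr/lib/jvm/java-6-sun/jre/lib/security/cacerts")
    print("ColdFusion reads:", store)
    print("keytool edited the same file:", ok)
```

A mismatch means the imported certificate sits in a store ColdFusion never opens, which produces the same "peer not authenticated" error as a missing certificate.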