Hi Kai,
Here is what CFAdmin tells me;
JVM Details
Java Version 1.6.0_14
Java Vendor Sun Microsystems Inc.
Java Vendor URL http://java.sun.com/
Java Home /opt/coldfusion9/runtime/jre
Java VM Specification Version 1.0
Java VM Specification Vendor Sun Microsystems Inc.
Java VM Specification Name Java Virtual Machine Specification
Java VM Version 14.0-b16
Java VM Vendor Sun Microsystems Inc.
Java VM Name Java HotSpot(TM) Server VM
Java Specification Version 1.6
Java Specification Vendor Sun Microsystems Inc.
Java Specification Name Java Platform API Specification
Java Class Version 50.0
So I am going to go with - we're using the normal / standard CF install version.
Gavin
On 06/08/2010, at 12:58 PM, Kai Koenig wrote:
> Just to double check and a random idea - are you running this on the standard
> JVM that comes with CF or has it been upgraded to 1.6.20+?
>
> Cheers
> Kai
>
>
>> Okay some more news... but it is still not working.
>>
>> When I try to delete a certificate from the Java KeyStore using the certman
>> CFIDE extension it throws an error.
>> Subsequently I have reverted to using the command line to do the KeyStore
>> maintenance.
>>
>> Here is what I have done;
>>
>> Imported into the KeyStore the public key used to access our SSL secured
>> website. (I.e the key we would issue to a client so that they could access
>> the site.
>>
>> in code this following line;
>> <cfset remoteLoginService = createObject("component",
>>
>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)>
>>
>> causes this error;
>> Unable to read WSDL from URL:
>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error:
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>
>> Now I don't know if this is the same thing or not, but I exported (via
>> Firefox - by clicking on the padlock icon and choosing EXPORT) the
>> certificate at the website.
>> Imported THAT certificate in the Java KeyStore - get the same error as
>> above.
>>
>>
>> I then read on a blog - something about requiring the certificate used to
>> sign the public key and since we signed the key ourselves I added that to
>> the Java KeyStore too.
>> But unfortunately - I still get the same error.
>>
>> The command line confirms that the certs are indeed in the KeyStore - as
>> does the CertMan CFIDE extension.
>> I have restarted the CF service after each certificate installation.
>>
>> It would "seem" I have done everything required - but it still doesn't work.
>>
>> And let me also say that if I place the exact same CFCs and calling code
>> onto a non-SSL path - then the web service is consumed correctly - so am
>> really confident it is not a CFML coding issue.
>>
>>
>> If anyone has any ideas at all - I would be most appreciative - Of course -
>> if I do get it working - I will let everyone know what I did.
>>
>> Gavin.
>>
>>
>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote:
>>
>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never know.
>>>
>>> I guess you're back to the challenge of importing it correctly. Or there's
>>> some other issue going on.
>>>
>>> Sent from my iPhone
>>>
>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis <b...@palcare.com.au> wrote:
>>>
>>>> I don't get a cert warning in the browser because I have "that" cert and
>>>> only that cert installed in the browser already.
>>>>
>>>> Our staging sites have all been confired to allow the same developer's
>>>> client cert - thus one cert for all staging sites.
>>>>
>>>> Thus only have one cert installed means you don't even get the prompt for
>>>> the cert it's just automatically applied by firefox - after the first run
>>>> of course...
>>>>
>>>> Well - at least that's what I am putting it (the working in the browser)
>>>> down to anyway.
>>>>
>>>> As for the JVM that we're using - to be honest - I wouldn't have a clue...
>>>> but since we're running CF9 - would it not be using whatever CF9 gets
>>>> bundled with?
>>>>
>>>>
>>>> Gavin.
>>>>
>>>>
>>>>
>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote:
>>>>
>>>>> What I find interesting is your browser does not give any certificate
>>>>> warnings when viewing the wsdl over https. That usually means you wont
>>>>> need to import the certificate or issuing authority in to the JVM.
>>>>>
>>>>> Is it possible you are using any early-ish JVM, like version 1.4.2?
>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. You will
>>>>> need to modify jvm.config once you have installed the new JVM and give CF
>>>>> a restart.
>>>>>
>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis <b...@palcare.com.au> wrote:
>>>>>
>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote:
>>>>>
>>>>> > Annoying isn't it :)
>>>>> >
>>>>> Yup sure is.
>>>>>
>>>>>
>>>>> > When you view the https wsdl in a browser what warnings (if any) do you
>>>>> > get?
>>>>> >
>>>>> None.
>>>>>
>>>>> The WSDL looks identical to that produced when using a non-https URL.
>>>>> Apart from the namespace addresses etc being different because of the
>>>>> different URL
>>>>>
>>>>>
>>>>>
>>>>> > Also if you're going commando (command line hehe) just check that you
>>>>> > are working on the same jvm or jdk that is specified in ColdFusion's
>>>>> > jvm.config file.
>>>>> >
>>>>> Ahh righteo....
>>>>> I didn't consider that.... but thanks.
>>>>>
>>>>> It still doesn't work though.... bummer....
>>>>>
>>>>> Anyone got anything further I could try?
>>>>> Or is it simply a fact that importing the server cert into the java
>>>>> keystore - should see it working?
>>>>> And if that is the case - does the alias used when importing the cert,
>>>>> matter any?
>>>>>
>>>>> Thanks again....
>>>>>
>>>>>
>>>>>
>>>>> > Sent from my iPhone
>>>>> >
>>>>> > On 05/08/2010, at 4:50 PM, Gavin Baumanis <beauecli...@gmail.com> wrote:
>>>>> >
>>>>> >> Hi Everyone,
>>>>> >>
>>>>> >> I have been trying to get this to work for the past few days and have
>>>>> >> finally decided I should ask for some help.
>>>>> >> I have a service that runs on a server using the https protocol.
>>>>> >>
>>>>> >> Sunsequently - when I try to use that service I get the folling error;
>>>>> >> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error:
>>>>> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>>>> >>
>>>>> >> All the items I read seemed to say that all I needed to do was to add
>>>>> >> the certificate to java keystore.
>>>>> >> Which have done using this;
>>>>> >> http://certman.riaforge.org/
>>>>> >>
>>>>> >> I even tried using the command line - just in case there was some
>>>>> >> "odd" issue with the Certificate Manager extension to CF Admin.
>>>>> >>
>>>>> >> But still no dice.
>>>>> >>
>>>>> >> I have added the server cert and also tried by adding in the client
>>>>> >> cert too - but I still receive that error.
>>>>> >> Interestingly enough - I can successfully see the WSDL via the browser
>>>>> >> and https.
>>>>> >>
>>>>> >> If I place the code on a non-ssl connection - everything works as
>>>>> >> expected - so I know that my CFCs/code etc is working correctly.
>>>>> >>
>>>>> >> If anyone has any ideas - I would be most appreciative.
>>>>> >>
>>>>> >>
>>>>> >> Gavin.
>>>>> >>
>>>>> >> --
>>>>> >> You received this message because you are subscribed to the Google
>>>>> >> Groups "cfaussie" group.
>>>>> >> To post to this group, send email to cfaus...@googlegroups.com.
>>>>> >> To unsubscribe from this group, send email to
>>>>> >> cfaussie+unsubscr...@googlegroups.com.
>>>>> >> For more options, visit this group at
>>>>> >> http://groups.google.com/group/cfaussie?hl=en.
>>>>> >>
>>>>> >
>>>>> > --
>>>>> > You received this message because you are subscribed to the Google
>>>>> > Groups "cfaussie" group.
>>>>> > To post to this group, send email to cfaus...@googlegroups.com.
>>>>> > To unsubscribe from this group, send email to
>>>>> > cfaussie+unsubscr...@googlegroups.com.
>>>>> > For more options, visit this group at
>>>>> > http://groups.google.com/group/cfaussie?hl=en.
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups
>>>>> "cfaussie" group.
>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> cfaussie+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups
>>>>> "cfaussie" group.
>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> cfaussie+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "cfaussie" group.
>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>>>> cfaussie+unsubscr...@googlegroups.com.
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "cfaussie" group.
>>> To post to this group, send email to cfaus...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> cfaussie+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/cfaussie?hl=en.
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "cfaussie" group.
>> To post to this group, send email to cfaus...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>
>
> --
> Kai Koenig - Ventego Creative Ltd
> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
> web: http://www.ventego-creative.co.nz
> blog: http://www.bloginblack.de
> twitter: http://www.twitter.com/agentK
> --
>
>
>
>
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "cfaussie" group.
> To post to this group, send email to cfaus...@googlegroups.com.
> To unsubscribe from this group, send email to
> cfaussie+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/cfaussie?hl=en.
--
You received this message because you are subscribed to the Google Groups
"cfaussie" group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
