Now remember how I said EVERYTHING was working correctly for straight hhtp?
Well that hasn't changed - but I have to wonder how?
Here is the code I am using;
<cfset remoteLoginService = createObject("component",
"my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)>
should it not be?;
<cfset remoteLoginService = createObject("webservice",
"https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)>
I did try this by the way - and I still get the unauthenticated peer error
message.... but I just thought it odd that thew previous version worked at all.
I also a "." (period) used instead of the "?" in CFLIVEDOCS - which I also
tried - without success.
Once again I got the authentication error..... so it would seem my underlying
issue is still a certificate error -
but if someone could shoot me the correct code to use when invoking a web
service (perhaps you have one in your code already??) - that would be most
handy.
Gavin.
On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote:
> Hi Kai,
>
> Here is what CFAdmin tells me;
>
> JVM Details
> Java Version 1.6.0_14
> Java Vendor Sun Microsystems Inc.
> Java Vendor URL http://java.sun.com/
> Java Home /opt/coldfusion9/runtime/jre
>
> Java VM Specification Version 1.0
> Java VM Specification Vendor Sun Microsystems Inc.
> Java VM Specification Name Java Virtual Machine Specification
> Java VM Version 14.0-b16
> Java VM Vendor Sun Microsystems Inc.
> Java VM Name Java HotSpot(TM) Server VM
> Java Specification Version 1.6
> Java Specification Vendor Sun Microsystems Inc.
> Java Specification Name Java Platform API Specification
> Java Class Version 50.0
>
>
> So I am going to go with - we're using the normal / standard CF install
> version.
>
> Gavin
>
>
> On 06/08/2010, at 12:58 PM, Kai Koenig wrote:
>
>> Just to double check and a random idea - are you running this on the
>> standard JVM that comes with CF or has it been upgraded to 1.6.20+?
>>
>> Cheers
>> Kai
>>
>>
>>> Okay some more news... but it is still not working.
>>>
>>> When I try to delete a certificate from the Java KeyStore using the certman
>>> CFIDE extension it throws an error.
>>> Subsequently I have reverted to using the command line to do the KeyStore
>>> maintenance.
>>>
>>> Here is what I have done;
>>>
>>> Imported into the KeyStore the public key used to access our SSL secured
>>> website. (I.e the key we would issue to a client so that they could access
>>> the site.
>>>
>>> in code this following line;
>>> <cfset remoteLoginService = createObject("component",
>>>
>>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)>
>>>
>>> causes this error;
>>> Unable to read WSDL from URL:
>>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error:
>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>>
>>> Now I don't know if this is the same thing or not, but I exported (via
>>> Firefox - by clicking on the padlock icon and choosing EXPORT) the
>>> certificate at the website.
>>> Imported THAT certificate in the Java KeyStore - get the same error as
>>> above.
>>>
>>>
>>> I then read on a blog - something about requiring the certificate used to
>>> sign the public key and since we signed the key ourselves I added that to
>>> the Java KeyStore too.
>>> But unfortunately - I still get the same error.
>>>
>>> The command line confirms that the certs are indeed in the KeyStore - as
>>> does the CertMan CFIDE extension.
>>> I have restarted the CF service after each certificate installation.
>>>
>>> It would "seem" I have done everything required - but it still doesn't work.
>>>
>>> And let me also say that if I place the exact same CFCs and calling code
>>> onto a non-SSL path - then the web service is consumed correctly - so am
>>> really confident it is not a CFML coding issue.
>>>
>>>
>>> If anyone has any ideas at all - I would be most appreciative - Of course -
>>> if I do get it working - I will let everyone know what I did.
>>>
>>> Gavin.
>>>
>>>
>>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote:
>>>
>>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never know.
>>>>
>>>> I guess you're back to the challenge of importing it correctly. Or there's
>>>> some other issue going on.
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis <b...@palcare.com.au>
>>>> wrote:
>>>>
>>>>> I don't get a cert warning in the browser because I have "that" cert and
>>>>> only that cert installed in the browser already.
>>>>>
>>>>> Our staging sites have all been confired to allow the same developer's
>>>>> client cert - thus one cert for all staging sites.
>>>>>
>>>>> Thus only have one cert installed means you don't even get the prompt for
>>>>> the cert it's just automatically applied by firefox - after the first run
>>>>> of course...
>>>>>
>>>>> Well - at least that's what I am putting it (the working in the browser)
>>>>> down to anyway.
>>>>>
>>>>> As for the JVM that we're using - to be honest - I wouldn't have a
>>>>> clue... but since we're running CF9 - would it not be using whatever CF9
>>>>> gets bundled with?
>>>>>
>>>>>
>>>>> Gavin.
>>>>>
>>>>>
>>>>>
>>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote:
>>>>>
>>>>>> What I find interesting is your browser does not give any certificate
>>>>>> warnings when viewing the wsdl over https. That usually means you wont
>>>>>> need to import the certificate or issuing authority in to the JVM.
>>>>>>
>>>>>> Is it possible you are using any early-ish JVM, like version 1.4.2?
>>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. You will
>>>>>> need to modify jvm.config once you have installed the new JVM and give
>>>>>> CF a restart.
>>>>>>
>>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis <b...@palcare.com.au> wrote:
>>>>>>
>>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote:
>>>>>>
>>>>>> > Annoying isn't it :)
>>>>>> >
>>>>>> Yup sure is.
>>>>>>
>>>>>>
>>>>>> > When you view the https wsdl in a browser what warnings (if any) do
>>>>>> > you get?
>>>>>> >
>>>>>> None.
>>>>>>
>>>>>> The WSDL looks identical to that produced when using a non-https URL.
>>>>>> Apart from the namespace addresses etc being different because of the
>>>>>> different URL
>>>>>>
>>>>>>
>>>>>>
>>>>>> > Also if you're going commando (command line hehe) just check that you
>>>>>> > are working on the same jvm or jdk that is specified in ColdFusion's
>>>>>> > jvm.config file.
>>>>>> >
>>>>>> Ahh righteo....
>>>>>> I didn't consider that.... but thanks.
>>>>>>
>>>>>> It still doesn't work though.... bummer....
>>>>>>
>>>>>> Anyone got anything further I could try?
>>>>>> Or is it simply a fact that importing the server cert into the java
>>>>>> keystore - should see it working?
>>>>>> And if that is the case - does the alias used when importing the cert,
>>>>>> matter any?
>>>>>>
>>>>>> Thanks again....
>>>>>>
>>>>>>
>>>>>>
>>>>>> > Sent from my iPhone
>>>>>> >
>>>>>> > On 05/08/2010, at 4:50 PM, Gavin Baumanis <beauecli...@gmail.com>
>>>>>> > wrote:
>>>>>> >
>>>>>> >> Hi Everyone,
>>>>>> >>
>>>>>> >> I have been trying to get this to work for the past few days and have
>>>>>> >> finally decided I should ask for some help.
>>>>>> >> I have a service that runs on a server using the https protocol.
>>>>>> >>
>>>>>> >> Sunsequently - when I try to use that service I get the folling error;
>>>>>> >> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error:
>>>>>> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>>>>> >>
>>>>>> >> All the items I read seemed to say that all I needed to do was to add
>>>>>> >> the certificate to java keystore.
>>>>>> >> Which have done using this;
>>>>>> >> http://certman.riaforge.org/
>>>>>> >>
>>>>>> >> I even tried using the command line - just in case there was some
>>>>>> >> "odd" issue with the Certificate Manager extension to CF Admin.
>>>>>> >>
>>>>>> >> But still no dice.
>>>>>> >>
>>>>>> >> I have added the server cert and also tried by adding in the client
>>>>>> >> cert too - but I still receive that error.
>>>>>> >> Interestingly enough - I can successfully see the WSDL via the browser
>>>>>> >> and https.
>>>>>> >>
>>>>>> >> If I place the code on a non-ssl connection - everything works as
>>>>>> >> expected - so I know that my CFCs/code etc is working correctly.
>>>>>> >>
>>>>>> >> If anyone has any ideas - I would be most appreciative.
>>>>>> >>
>>>>>> >>
>>>>>> >> Gavin.
>>>>>> >>
>>>>>> >> --
>>>>>> >> You received this message because you are subscribed to the Google
>>>>>> >> Groups "cfaussie" group.
>>>>>> >> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>> >> To unsubscribe from this group, send email to
>>>>>> >> cfaussie+unsubscr...@googlegroups.com.
>>>>>> >> For more options, visit this group at
>>>>>> >> http://groups.google.com/group/cfaussie?hl=en.
>>>>>> >>
>>>>>> >
>>>>>> > --
>>>>>> > You received this message because you are subscribed to the Google
>>>>>> > Groups "cfaussie" group.
>>>>>> > To post to this group, send email to cfaus...@googlegroups.com.
>>>>>> > To unsubscribe from this group, send email to
>>>>>> > cfaussie+unsubscr...@googlegroups.com.
>>>>>> > For more options, visit this group at
>>>>>> > http://groups.google.com/group/cfaussie?hl=en.
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "cfaussie" group.
>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>> To unsubscribe from this group, send email to
>>>>>> cfaussie+unsubscr...@googlegroups.com.
>>>>>> For more options, visit this group at
>>>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "cfaussie" group.
>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>> To unsubscribe from this group, send email to
>>>>>> cfaussie+unsubscr...@googlegroups.com.
>>>>>> For more options, visit this group at
>>>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google Groups
>>>>> "cfaussie" group.
>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> cfaussie+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "cfaussie" group.
>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>>>> cfaussie+unsubscr...@googlegroups.com.
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/cfaussie?hl=en.
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "cfaussie" group.
>>> To post to this group, send email to cfaus...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> cfaussie+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/cfaussie?hl=en.
>>
>>
>> --
>> Kai Koenig - Ventego Creative Ltd
>> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
>> web: http://www.ventego-creative.co.nz
>> blog: http://www.bloginblack.de
>> twitter: http://www.twitter.com/agentK
>> --
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "cfaussie" group.
>> To post to this group, send email to cfaus...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "cfaussie" group.
> To post to this group, send email to cfaus...@googlegroups.com.
> To unsubscribe from this group, send email to
> cfaussie+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/cfaussie?hl=en.
--
You received this message because you are subscribed to the Google Groups
"cfaussie" group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
