Now remember how I said EVERYTHING was working correctly for straight hhtp?
Well that hasn't changed - but I have to wonder how? Here is the code I am using; <cfset remoteLoginService = createObject("component", "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl")> should it not be?; <cfset remoteLoginService = createObject("webservice", "https://mydomain/my/path/to/cfc/Service.cfc?wsdl")> I did try this by the way - and I still get the unauthenticated peer error message.... but I just thought it odd that thew previous version worked at all. I also a "." (period) used instead of the "?" in CFLIVEDOCS - which I also tried - without success. Once again I got the authentication error..... so it would seem my underlying issue is still a certificate error - but if someone could shoot me the correct code to use when invoking a web service (perhaps you have one in your code already??) - that would be most handy. Gavin. On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote: > Hi Kai, > > Here is what CFAdmin tells me; > > JVM Details > Java Version 1.6.0_14 > Java Vendor Sun Microsystems Inc. > Java Vendor URL http://java.sun.com/ > Java Home /opt/coldfusion9/runtime/jre > > Java VM Specification Version 1.0 > Java VM Specification Vendor Sun Microsystems Inc. > Java VM Specification Name Java Virtual Machine Specification > Java VM Version 14.0-b16 > Java VM Vendor Sun Microsystems Inc. > Java VM Name Java HotSpot(TM) Server VM > Java Specification Version 1.6 > Java Specification Vendor Sun Microsystems Inc. > Java Specification Name Java Platform API Specification > Java Class Version 50.0 > > > So I am going to go with - we're using the normal / standard CF install > version. > > Gavin > > > On 06/08/2010, at 12:58 PM, Kai Koenig wrote: > >> Just to double check and a random idea - are you running this on the >> standard JVM that comes with CF or has it been upgraded to 1.6.20+? >> >> Cheers >> Kai >> >> >>> Okay some more news... but it is still not working. >>> >>> When I try to delete a certificate from the Java KeyStore using the certman >>> CFIDE extension it throws an error. >>> Subsequently I have reverted to using the command line to do the KeyStore >>> maintenance. >>> >>> Here is what I have done; >>> >>> Imported into the KeyStore the public key used to access our SSL secured >>> website. (I.e the key we would issue to a client so that they could access >>> the site. >>> >>> in code this following line; >>> <cfset remoteLoginService = createObject("component", >>> >>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Service.cfc?wsdl")> >>> >>> causes this error; >>> Unable to read WSDL from URL: >>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error: >>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. >>> >>> Now I don't know if this is the same thing or not, but I exported (via >>> Firefox - by clicking on the padlock icon and choosing EXPORT) the >>> certificate at the website. >>> Imported THAT certificate in the Java KeyStore - get the same error as >>> above. >>> >>> >>> I then read on a blog - something about requiring the certificate used to >>> sign the public key and since we signed the key ourselves I added that to >>> the Java KeyStore too. >>> But unfortunately - I still get the same error. >>> >>> The command line confirms that the certs are indeed in the KeyStore - as >>> does the CertMan CFIDE extension. >>> I have restarted the CF service after each certificate installation. >>> >>> It would "seem" I have done everything required - but it still doesn't work. >>> >>> And let me also say that if I place the exact same CFCs and calling code >>> onto a non-SSL path - then the web service is consumed correctly - so am >>> really confident it is not a CFML coding issue. >>> >>> >>> If anyone has any ideas at all - I would be most appreciative - Of course - >>> if I do get it working - I will let everyone know what I did. >>> >>> Gavin. >>> >>> >>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote: >>> >>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never know. >>>> >>>> I guess you're back to the challenge of importing it correctly. Or there's >>>> some other issue going on. >>>> >>>> Sent from my iPhone >>>> >>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis <b...@palcare.com.au> >>>> wrote: >>>> >>>>> I don't get a cert warning in the browser because I have "that" cert and >>>>> only that cert installed in the browser already. >>>>> >>>>> Our staging sites have all been confired to allow the same developer's >>>>> client cert - thus one cert for all staging sites. >>>>> >>>>> Thus only have one cert installed means you don't even get the prompt for >>>>> the cert it's just automatically applied by firefox - after the first run >>>>> of course... >>>>> >>>>> Well - at least that's what I am putting it (the working in the browser) >>>>> down to anyway. >>>>> >>>>> As for the JVM that we're using - to be honest - I wouldn't have a >>>>> clue... but since we're running CF9 - would it not be using whatever CF9 >>>>> gets bundled with? >>>>> >>>>> >>>>> Gavin. >>>>> >>>>> >>>>> >>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote: >>>>> >>>>>> What I find interesting is your browser does not give any certificate >>>>>> warnings when viewing the wsdl over https. That usually means you wont >>>>>> need to import the certificate or issuing authority in to the JVM. >>>>>> >>>>>> Is it possible you are using any early-ish JVM, like version 1.4.2? >>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. You will >>>>>> need to modify jvm.config once you have installed the new JVM and give >>>>>> CF a restart. >>>>>> >>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis <b...@palcare.com.au> wrote: >>>>>> >>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote: >>>>>> >>>>>> > Annoying isn't it :) >>>>>> > >>>>>> Yup sure is. >>>>>> >>>>>> >>>>>> > When you view the https wsdl in a browser what warnings (if any) do >>>>>> > you get? >>>>>> > >>>>>> None. >>>>>> >>>>>> The WSDL looks identical to that produced when using a non-https URL. >>>>>> Apart from the namespace addresses etc being different because of the >>>>>> different URL >>>>>> >>>>>> >>>>>> >>>>>> > Also if you're going commando (command line hehe) just check that you >>>>>> > are working on the same jvm or jdk that is specified in ColdFusion's >>>>>> > jvm.config file. >>>>>> > >>>>>> Ahh righteo.... >>>>>> I didn't consider that.... but thanks. >>>>>> >>>>>> It still doesn't work though.... bummer.... >>>>>> >>>>>> Anyone got anything further I could try? >>>>>> Or is it simply a fact that importing the server cert into the java >>>>>> keystore - should see it working? >>>>>> And if that is the case - does the alias used when importing the cert, >>>>>> matter any? >>>>>> >>>>>> Thanks again.... >>>>>> >>>>>> >>>>>> >>>>>> > Sent from my iPhone >>>>>> > >>>>>> > On 05/08/2010, at 4:50 PM, Gavin Baumanis <beauecli...@gmail.com> >>>>>> > wrote: >>>>>> > >>>>>> >> Hi Everyone, >>>>>> >> >>>>>> >> I have been trying to get this to work for the past few days and have >>>>>> >> finally decided I should ask for some help. >>>>>> >> I have a service that runs on a server using the https protocol. >>>>>> >> >>>>>> >> Sunsequently - when I try to use that service I get the folling error; >>>>>> >> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error: >>>>>> >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. >>>>>> >> >>>>>> >> All the items I read seemed to say that all I needed to do was to add >>>>>> >> the certificate to java keystore. >>>>>> >> Which have done using this; >>>>>> >> http://certman.riaforge.org/ >>>>>> >> >>>>>> >> I even tried using the command line - just in case there was some >>>>>> >> "odd" issue with the Certificate Manager extension to CF Admin. >>>>>> >> >>>>>> >> But still no dice. >>>>>> >> >>>>>> >> I have added the server cert and also tried by adding in the client >>>>>> >> cert too - but I still receive that error. >>>>>> >> Interestingly enough - I can successfully see the WSDL via the browser >>>>>> >> and https. >>>>>> >> >>>>>> >> If I place the code on a non-ssl connection - everything works as >>>>>> >> expected - so I know that my CFCs/code etc is working correctly. >>>>>> >> >>>>>> >> If anyone has any ideas - I would be most appreciative. >>>>>> >> >>>>>> >> >>>>>> >> Gavin. >>>>>> >> >>>>>> >> -- >>>>>> >> You received this message because you are subscribed to the Google >>>>>> >> Groups "cfaussie" group. >>>>>> >> To post to this group, send email to cfaus...@googlegroups.com. >>>>>> >> To unsubscribe from this group, send email to >>>>>> >> cfaussie+unsubscr...@googlegroups.com. >>>>>> >> For more options, visit this group at >>>>>> >> http://groups.google.com/group/cfaussie?hl=en. >>>>>> >> >>>>>> > >>>>>> > -- >>>>>> > You received this message because you are subscribed to the Google >>>>>> > Groups "cfaussie" group. >>>>>> > To post to this group, send email to cfaus...@googlegroups.com. >>>>>> > To unsubscribe from this group, send email to >>>>>> > cfaussie+unsubscr...@googlegroups.com. >>>>>> > For more options, visit this group at >>>>>> > http://groups.google.com/group/cfaussie?hl=en. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "cfaussie" group. >>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>> To unsubscribe from this group, send email to >>>>>> cfaussie+unsubscr...@googlegroups.com. >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/cfaussie?hl=en. >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "cfaussie" group. >>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>> To unsubscribe from this group, send email to >>>>>> cfaussie+unsubscr...@googlegroups.com. >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/cfaussie?hl=en. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "cfaussie" group. >>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>> To unsubscribe from this group, send email to >>>>> cfaussie+unsubscr...@googlegroups.com. >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/cfaussie?hl=en. >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google Groups >>>> "cfaussie" group. >>>> To post to this group, send email to cfaus...@googlegroups.com. >>>> To unsubscribe from this group, send email to >>>> cfaussie+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >>>> http://groups.google.com/group/cfaussie?hl=en. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "cfaussie" group. >>> To post to this group, send email to cfaus...@googlegroups.com. >>> To unsubscribe from this group, send email to >>> cfaussie+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/cfaussie?hl=en. >> >> >> -- >> Kai Koenig - Ventego Creative Ltd >> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117 >> web: http://www.ventego-creative.co.nz >> blog: http://www.bloginblack.de >> twitter: http://www.twitter.com/agentK >> -- >> >> >> >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "cfaussie" group. >> To post to this group, send email to cfaus...@googlegroups.com. >> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To post to this group, send email to cfaus...@googlegroups.com. > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaus...@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.