Yup - most certainly - after every change. All this work is on our staging server - so we're free to restart services as often as required.
Gavin. On 06/08/2010, at 3:15 PM, skateboard.com.au wrote: > have you restarted cf after adding the cert into the keystore? > > Drew Peacock > > > > -----Original Message----- > From: Gavin Beau Baumanis <b...@palcare.com.au> > To: cfaussie@googlegroups.com > Date: Fri, 6 Aug 2010 15:10:42 +1000 > Subject: Re: [cfaussie] Comsume https webservice > >> Now remember how I said EVERYTHING was working correctly for straight >> hhtp? >> >> >> Well that hasn't changed - but I have to wonder how? >> >> Here is the code I am using; >> <cfset remoteLoginService = createObject("component", >> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Servic >> e.cfc?wsdl")> >> >> should it not be?; >> <cfset remoteLoginService = createObject("webservice", >> "https://mydomain/my/path/to/cfc/Service.cfc?wsdl")> >> >> I did try this by the way - and I still get the unauthenticated peer >> error message.... but I just thought it odd that thew previous version >> worked at all. >> >> I also a "." (period) used instead of the "?" in CFLIVEDOCS - which I >> also tried - without success. >> Once again I got the authentication error..... so it would seem my >> underlying issue is still a certificate error - >> but if someone could shoot me the correct code to use when invoking a >> web service (perhaps you have one in your code already??) - that would >> be most handy. >> >> >> Gavin. >> >> >> On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote: >> >>> Hi Kai, >>> >>> Here is what CFAdmin tells me; >>> >>> JVM Details >>> Java Version 1.6.0_14 >>> Java Vendor Sun Microsystems Inc. >>> Java Vendor URL http://java.sun.com/ >>> Java Home /opt/coldfusion9/runtime/jre >>> >>> Java VM Specification Version 1.0 >>> Java VM Specification Vendor Sun Microsystems Inc. >>> Java VM Specification Name Java Virtual Machine Specification >>> Java VM Version 14.0-b16 >>> Java VM Vendor Sun Microsystems Inc. >>> Java VM Name Java HotSpot(TM) Server VM >>> Java Specification Version 1.6 >>> Java Specification Vendor Sun Microsystems Inc. >>> Java Specification Name Java Platform API Specification >>> Java Class Version 50.0 >>> >>> >>> So I am going to go with - we're using the normal / standard CF >> install version. >>> >>> Gavin >>> >>> >>> On 06/08/2010, at 12:58 PM, Kai Koenig wrote: >>> >>>> Just to double check and a random idea - are you running this on the >> standard JVM that comes with CF or has it been upgraded to 1.6.20+? >>>> >>>> Cheers >>>> Kai >>>> >>>> >>>>> Okay some more news... but it is still not working. >>>>> >>>>> When I try to delete a certificate from the Java KeyStore using the >> certman CFIDE extension it throws an error. >>>>> Subsequently I have reverted to using the command line to do the >> KeyStore maintenance. >>>>> >>>>> Here is what I have done; >>>>> >>>>> Imported into the KeyStore the public key used to access our SSL >> secured website. (I.e the key we would issue to a client so that they >> could access the site. >>>>> >>>>> in code this following line; >>>>> <cfset remoteLoginService = createObject("component", >>>>> >> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Servic >> e.cfc?wsdl")> >>>>> >>>>> causes this error; >>>>> Unable to read WSDL from URL: >> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error: >> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. >>>>> >>>>> Now I don't know if this is the same thing or not, but I exported >> (via Firefox - by clicking on the padlock icon and choosing EXPORT) the >> certificate at the website. >>>>> Imported THAT certificate in the Java KeyStore - get the same >> error as above. >>>>> >>>>> >>>>> I then read on a blog - something about requiring the certificate >> used to sign the public key and since we signed the key ourselves I >> added that to the Java KeyStore too. >>>>> But unfortunately - I still get the same error. >>>>> >>>>> The command line confirms that the certs are indeed in the KeyStore >> - as does the CertMan CFIDE extension. >>>>> I have restarted the CF service after each certificate >> installation. >>>>> >>>>> It would "seem" I have done everything required - but it still >> doesn't work. >>>>> >>>>> And let me also say that if I place the exact same CFCs and calling >> code onto a non-SSL path - then the web service is consumed correctly - >> so am really confident it is not a CFML coding issue. >>>>> >>>>> >>>>> If anyone has any ideas at all - I would be most appreciative - Of >> course - if I do get it working - I will let everyone know what I did. >>>>> >>>>> Gavin. >>>>> >>>>> >>>>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote: >>>>> >>>>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never >> know. >>>>>> >>>>>> I guess you're back to the challenge of importing it correctly. Or >> there's some other issue going on. >>>>>> >>>>>> Sent from my iPhone >>>>>> >>>>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis >> <b...@palcare.com.au> wrote: >>>>>> >>>>>>> I don't get a cert warning in the browser because I have "that" >> cert and only that cert installed in the browser already. >>>>>>> >>>>>>> Our staging sites have all been confired to allow the same >> developer's client cert - thus one cert for all staging sites. >>>>>>> >>>>>>> Thus only have one cert installed means you don't even get the >> prompt for the cert it's just automatically applied by firefox - after >> the first run of course... >>>>>>> >>>>>>> Well - at least that's what I am putting it (the working in the >> browser) down to anyway. >>>>>>> >>>>>>> As for the JVM that we're using - to be honest - I wouldn't have >> a clue... but since we're running CF9 - would it not be using whatever >> CF9 gets bundled with? >>>>>>> >>>>>>> >>>>>>> Gavin. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote: >>>>>>> >>>>>>>> What I find interesting is your browser does not give any >> certificate warnings when viewing the wsdl over https. That usually >> means you wont need to import the certificate or issuing authority in >> to the JVM. >>>>>>>> >>>>>>>> Is it possible you are using any early-ish JVM, like version >> 1.4.2? >>>>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. You >> will need to modify jvm.config once you have installed the new JVM and >> give CF a restart. >>>>>>>> >>>>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis >> <b...@palcare.com.au> wrote: >>>>>>>> >>>>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote: >>>>>>>> >>>>>>>>> Annoying isn't it :) >>>>>>>>> >>>>>>>> Yup sure is. >>>>>>>> >>>>>>>> >>>>>>>>> When you view the https wsdl in a browser what warnings (if >> any) do you get? >>>>>>>>> >>>>>>>> None. >>>>>>>> >>>>>>>> The WSDL looks identical to that produced when using a non-https >> URL. >>>>>>>> Apart from the namespace addresses etc being different because >> of the different URL >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Also if you're going commando (command line hehe) just check >> that you are working on the same jvm or jdk that is specified in >> ColdFusion's jvm.config file. >>>>>>>>> >>>>>>>> Ahh righteo.... >>>>>>>> I didn't consider that.... but thanks. >>>>>>>> >>>>>>>> It still doesn't work though.... bummer.... >>>>>>>> >>>>>>>> Anyone got anything further I could try? >>>>>>>> Or is it simply a fact that importing the server cert into the >> java keystore - should see it working? >>>>>>>> And if that is the case - does the alias used when importing the >> cert, matter any? >>>>>>>> >>>>>>>> Thanks again.... >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Sent from my iPhone >>>>>>>>> >>>>>>>>> On 05/08/2010, at 4:50 PM, Gavin Baumanis >> <beauecli...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Hi Everyone, >>>>>>>>>> >>>>>>>>>> I have been trying to get this to work for the past few days >> and have >>>>>>>>>> finally decided I should ask for some help. >>>>>>>>>> I have a service that runs on a server using the https >> protocol. >>>>>>>>>> >>>>>>>>>> Sunsequently - when I try to use that service I get the >> folling error; >>>>>>>>>> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error: >>>>>>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not >> authenticated. >>>>>>>>>> >>>>>>>>>> All the items I read seemed to say that all I needed to do >> was to add >>>>>>>>>> the certificate to java keystore. >>>>>>>>>> Which have done using this; >>>>>>>>>> http://certman.riaforge.org/ >>>>>>>>>> >>>>>>>>>> I even tried using the command line - just in case there was >> some >>>>>>>>>> "odd" issue with the Certificate Manager extension to CF >> Admin. >>>>>>>>>> >>>>>>>>>> But still no dice. >>>>>>>>>> >>>>>>>>>> I have added the server cert and also tried by adding in the >> client >>>>>>>>>> cert too - but I still receive that error. >>>>>>>>>> Interestingly enough - I can successfully see the WSDL via >> the browser >>>>>>>>>> and https. >>>>>>>>>> >>>>>>>>>> If I place the code on a non-ssl connection - everything >> works as >>>>>>>>>> expected - so I know that my CFCs/code etc is working >> correctly. >>>>>>>>>> >>>>>>>>>> If anyone has any ideas - I would be most appreciative. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Gavin. >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >> Google Groups "cfaussie" group. >>>>>>>>>> To post to this group, send email to >> cfaus...@googlegroups.com. >>>>>>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the >> Google Groups "cfaussie" group. >>>>>>>>> To post to this group, send email to >> cfaus...@googlegroups.com. >>>>>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the >> Google Groups "cfaussie" group. >>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the >> Google Groups "cfaussie" group. >>>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the >> Google Groups "cfaussie" group. >>>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >>>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >>>>> To post to this group, send email to cfaus...@googlegroups.com. >>>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>>> >>>> >>>> -- >>>> Kai Koenig - Ventego Creative Ltd >>>> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117 >>>> web: http://www.ventego-creative.co.nz >>>> blog: http://www.bloginblack.de >>>> twitter: http://www.twitter.com/agentK >>>> -- >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >>>> To post to this group, send email to cfaus...@googlegroups.com. >>>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >>> To post to this group, send email to cfaus...@googlegroups.com. >>> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >>> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >> >> -- >> You received this message because you are subscribed to the Google >> Groups "cfaussie" group. >> To post to this group, send email to cfaus...@googlegroups.com. >> To unsubscribe from this group, send email to >> cfaussie+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/cfaussie?hl=en. >> > > > -- > You received this message because you are subscribed to the Google Groups > "cfaussie" group. > To post to this group, send email to cfaus...@googlegroups.com. > To unsubscribe from this group, send email to > cfaussie+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/cfaussie?hl=en. -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaus...@googlegroups.com. To unsubscribe from this group, send email to cfaussie+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.