Yup - most certainly - after every change.
All this work is on our staging server - so we're free to restart services as
often as required.
Gavin.
On 06/08/2010, at 3:15 PM, skateboard.com.au wrote:
> have you restarted cf after adding the cert into the keystore?
>
> Drew Peacock
>
>
>
> -----Original Message-----
> From: Gavin Beau Baumanis <b...@palcare.com.au>
> To: cfaussie@googlegroups.com
> Date: Fri, 6 Aug 2010 15:10:42 +1000
> Subject: Re: [cfaussie] Comsume https webservice
>
>> Now remember how I said EVERYTHING was working correctly for straight
>> hhtp?
>>
>>
>> Well that hasn't changed - but I have to wonder how?
>>
>> Here is the code I am using;
>> <cfset remoteLoginService = createObject("component",
>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Servic
>> e.cfc?wsdl")>
>>
>> should it not be?;
>> <cfset remoteLoginService = createObject("webservice",
>> "https://mydomain/my/path/to/cfc/Service.cfc?wsdl";)>
>>
>> I did try this by the way - and I still get the unauthenticated peer
>> error message.... but I just thought it odd that thew previous version
>> worked at all.
>>
>> I also a "." (period) used instead of the "?" in CFLIVEDOCS - which I
>> also tried - without success.
>> Once again I got the authentication error..... so it would seem my
>> underlying issue is still a certificate error -
>> but if someone could shoot me the correct code to use when invoking a
>> web service (perhaps you have one in your code already??) - that would
>> be most handy.
>>
>>
>> Gavin.
>>
>>
>> On 06/08/2010, at 1:01 PM, Gavin Beau Baumanis wrote:
>>
>>> Hi Kai,
>>>
>>> Here is what CFAdmin tells me;
>>>
>>> JVM Details
>>> Java Version 1.6.0_14
>>> Java Vendor Sun Microsystems Inc.
>>> Java Vendor URL http://java.sun.com/
>>> Java Home /opt/coldfusion9/runtime/jre
>>>
>>> Java VM Specification Version 1.0
>>> Java VM Specification Vendor Sun Microsystems Inc.
>>> Java VM Specification Name Java Virtual Machine Specification
>>> Java VM Version 14.0-b16
>>> Java VM Vendor Sun Microsystems Inc.
>>> Java VM Name Java HotSpot(TM) Server VM
>>> Java Specification Version 1.6
>>> Java Specification Vendor Sun Microsystems Inc.
>>> Java Specification Name Java Platform API Specification
>>> Java Class Version 50.0
>>>
>>>
>>> So I am going to go with - we're using the normal / standard CF
>> install version.
>>>
>>> Gavin
>>>
>>>
>>> On 06/08/2010, at 12:58 PM, Kai Koenig wrote:
>>>
>>>> Just to double check and a random idea - are you running this on the
>> standard JVM that comes with CF or has it been upgraded to 1.6.20+?
>>>>
>>>> Cheers
>>>> Kai
>>>>
>>>>
>>>>> Okay some more news... but it is still not working.
>>>>>
>>>>> When I try to delete a certificate from the Java KeyStore using the
>> certman CFIDE extension it throws an error.
>>>>> Subsequently I have reverted to using the command line to do the
>> KeyStore maintenance.
>>>>>
>>>>> Here is what I have done;
>>>>>
>>>>> Imported into the KeyStore the public key used to access our SSL
>> secured website. (I.e the key we would issue to a client so that they
>> could access the site.
>>>>>
>>>>> in code this following line;
>>>>> <cfset remoteLoginService = createObject("component",
>>>>>
>> "my.path.to.cfc.Service").init("https://mydomain/my/path/to/cfc/Servic
>> e.cfc?wsdl")>
>>>>>
>>>>> causes this error;
>>>>> Unable to read WSDL from URL:
>> https://mydomain/my/path/to/cfc/Service.cfc?wsdl. Error:
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
>>>>>
>>>>> Now I don't know if this is the same thing or not, but I exported
>> (via Firefox - by clicking on the padlock icon and choosing EXPORT) the
>> certificate at the website.
>>>>> Imported THAT certificate in the Java KeyStore - get the same
>> error as above.
>>>>>
>>>>>
>>>>> I then read on a blog - something about requiring the certificate
>> used to sign the public key and since we signed the key ourselves I
>> added that to the Java KeyStore too.
>>>>> But unfortunately - I still get the same error.
>>>>>
>>>>> The command line confirms that the certs are indeed in the KeyStore
>> - as does the CertMan CFIDE extension.
>>>>> I have restarted the CF service after each certificate
>> installation.
>>>>>
>>>>> It would "seem" I have done everything required - but it still
>> doesn't work.
>>>>>
>>>>> And let me also say that if I place the exact same CFCs and calling
>> code onto a non-SSL path - then the web service is consumed correctly -
>> so am really confident it is not a CFML coding issue.
>>>>>
>>>>>
>>>>> If anyone has any ideas at all - I would be most appreciative - Of
>> course - if I do get it working - I will let everyone know what I did.
>>>>>
>>>>> Gavin.
>>>>>
>>>>>
>>>>> On 05/08/2010, at 11:50 PM, MrBuzzy wrote:
>>>>>
>>>>>> Yeah I agree the default CF9 jvm should be a-o-k. But ya never
>> know.
>>>>>>
>>>>>> I guess you're back to the challenge of importing it correctly. Or
>> there's some other issue going on.
>>>>>>
>>>>>> Sent from my iPhone
>>>>>>
>>>>>> On 05/08/2010, at 11:21 PM, Gavin Beau Baumanis
>> <b...@palcare.com.au> wrote:
>>>>>>
>>>>>>> I don't get a cert warning in the browser because I have "that"
>> cert and only that cert installed in the browser already.
>>>>>>>
>>>>>>> Our staging sites have all been confired to allow the same
>> developer's client cert - thus one cert for all staging sites.
>>>>>>>
>>>>>>> Thus only have one cert installed means you don't even get the
>> prompt for the cert it's just automatically applied by firefox - after
>> the first run of course...
>>>>>>>
>>>>>>> Well - at least that's what I am putting it (the working in the
>> browser) down to anyway.
>>>>>>>
>>>>>>> As for the JVM that we're using - to be honest - I wouldn't have
>> a clue... but since we're running CF9 - would it not be using whatever
>> CF9 gets bundled with?
>>>>>>>
>>>>>>>
>>>>>>> Gavin.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 05/08/2010, at 10:38 PM, MrBuzzy wrote:
>>>>>>>
>>>>>>>> What I find interesting is your browser does not give any
>> certificate warnings when viewing the wsdl over https. That usually
>> means you wont need to import the certificate or issuing authority in
>> to the JVM.
>>>>>>>>
>>>>>>>> Is it possible you are using any early-ish JVM, like version
>> 1.4.2?
>>>>>>>> If you can, upgrade the CF JVM to the latest 1.6.x. verslon. You
>> will need to modify jvm.config once you have installed the new JVM and
>> give CF a restart.
>>>>>>>>
>>>>>>>> On 5 August 2010 20:29, Gavin Beau Baumanis
>> <b...@palcare.com.au> wrote:
>>>>>>>>
>>>>>>>> On 05/08/2010, at 7:26 PM, MrBuzzy wrote:
>>>>>>>>
>>>>>>>>> Annoying isn't it :)
>>>>>>>>>
>>>>>>>> Yup sure is.
>>>>>>>>
>>>>>>>>
>>>>>>>>> When you view the https wsdl in a browser what warnings (if
>> any) do you get?
>>>>>>>>>
>>>>>>>> None.
>>>>>>>>
>>>>>>>> The WSDL looks identical to that produced when using a non-https
>> URL.
>>>>>>>> Apart from the namespace addresses etc being different because
>> of the different URL
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Also if you're going commando (command line hehe) just check
>> that you are working on the same jvm or jdk that is specified in
>> ColdFusion's jvm.config file.
>>>>>>>>>
>>>>>>>> Ahh righteo....
>>>>>>>> I didn't consider that.... but thanks.
>>>>>>>>
>>>>>>>> It still doesn't work though.... bummer....
>>>>>>>>
>>>>>>>> Anyone got anything further I could try?
>>>>>>>> Or is it simply a fact that importing the server cert into the
>> java keystore - should see it working?
>>>>>>>> And if that is the case - does the alias used when importing the
>> cert, matter any?
>>>>>>>>
>>>>>>>> Thanks again....
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Sent from my iPhone
>>>>>>>>>
>>>>>>>>> On 05/08/2010, at 4:50 PM, Gavin Baumanis
>> <beauecli...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Everyone,
>>>>>>>>>>
>>>>>>>>>> I have been trying to get this to work for the past few days
>> and have
>>>>>>>>>> finally decided I should ask for some help.
>>>>>>>>>> I have a service that runs on a server using the https
>> protocol.
>>>>>>>>>>
>>>>>>>>>> Sunsequently - when I try to use that service I get the
>> folling error;
>>>>>>>>>> Unable to read WSDL from URL: blah/blah.cfc?wsdl. Error:
>>>>>>>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not
>> authenticated.
>>>>>>>>>>
>>>>>>>>>> All the items I read seemed to say that all I needed to do
>> was to add
>>>>>>>>>> the certificate to java keystore.
>>>>>>>>>> Which have done using this;
>>>>>>>>>> http://certman.riaforge.org/
>>>>>>>>>>
>>>>>>>>>> I even tried using the command line - just in case there was
>> some
>>>>>>>>>> "odd" issue with the Certificate Manager extension to CF
>> Admin.
>>>>>>>>>>
>>>>>>>>>> But still no dice.
>>>>>>>>>>
>>>>>>>>>> I have added the server cert and also tried by adding in the
>> client
>>>>>>>>>> cert too - but I still receive that error.
>>>>>>>>>> Interestingly enough - I can successfully see the WSDL via
>> the browser
>>>>>>>>>> and https.
>>>>>>>>>>
>>>>>>>>>> If I place the code on a non-ssl connection - everything
>> works as
>>>>>>>>>> expected - so I know that my CFCs/code etc is working
>> correctly.
>>>>>>>>>>
>>>>>>>>>> If anyone has any ideas - I would be most appreciative.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Gavin.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> You received this message because you are subscribed to the
>> Google Groups "cfaussie" group.
>>>>>>>>>> To post to this group, send email to
>> cfaus...@googlegroups.com.
>>>>>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You received this message because you are subscribed to the
>> Google Groups "cfaussie" group.
>>>>>>>>> To post to this group, send email to
>> cfaus...@googlegroups.com.
>>>>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the
>> Google Groups "cfaussie" group.
>>>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the
>> Google Groups "cfaussie" group.
>>>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the
>> Google Groups "cfaussie" group.
>>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>> Groups "cfaussie" group.
>>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>>
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>> Groups "cfaussie" group.
>>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>>
>>>>
>>>> --
>>>> Kai Koenig - Ventego Creative Ltd
>>>> ph: +64 4 476 6781 - mob: +64 21 928 365 / +61 450 132 117
>>>> web: http://www.ventego-creative.co.nz
>>>> blog: http://www.bloginblack.de
>>>> twitter: http://www.twitter.com/agentK
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>> Groups "cfaussie" group.
>>>> To post to this group, send email to cfaus...@googlegroups.com.
>>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>> Groups "cfaussie" group.
>>> To post to this group, send email to cfaus...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google
>> Groups "cfaussie" group.
>> To post to this group, send email to cfaus...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> cfaussie+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/cfaussie?hl=en.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "cfaussie" group.
> To post to this group, send email to cfaus...@googlegroups.com.
> To unsubscribe from this group, send email to
> cfaussie+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/cfaussie?hl=en.
--
You received this message because you are subscribed to the Google Groups
"cfaussie" group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
