Hi Everyone,

And thanks to you all - for all of your ongoing help.

I can confirm the full hierarchy of certs has been imported into the java 
keystore for the JVM used by CF9.
The command line and the certman CFIDE plug-in both confirm all certs installed 
correctly.

I can confirm our code is correct and that the web-service can indeed be 
consumed correctly by our code.
I can use the code unchanged on my local machine (without the requirement for 
https / client certificate authentication).

Moving on from this;
I removed the client certificate authentication requirement and the SSL 
requirement from the directory used to house the service on the staging server.
I then got some odd error about not finding a required library - another Google 
search later I have installed the missing libraries and can indeed consume the 
web-service correctly upon our staging server.

So I guess that leaves me with the issue now of;
What hoops do I need to jump through in order to have the calling application 
successfully present a client certificate to the web-service?

As always - thanks for any insight you might be able to share.

Gavin.





On 08/08/2010, at 11:26 PM, Phil Haeusler wrote:

> Hi Gavin
> 
> Have you imported the eClinic root certificate into the JVM as well?
> 
> I recall on an older (cf7 perhaps, may be older?) server I had to import a 
> root certificate when I was having trouble with a particular EV cert.  In 
> this case the latest root certificate from the issuing registry wasn't in the 
> JVM, and even though I had imported the EV cert, it refused to work without the 
> root certificate being imported also so the certificate chain could be 
> validated.
> 
> I think I had to do something like view the certificate in a browser and then 
> walk up the certificate chain, saving the parent certificates and importing 
> them in.
> 
> Then again, it's late on a Sunday evening, so I could have some of the 
> details wrong.
> 
> Phil
> 
> 
> 
> On 8/08/10 10:38 PM, Gavin Baumanis wrote:
>> 
>> On Aug 6, 10:39 pm, MrBuzzy<mrbu...@gmail.com>  wrote:
>>> Maybe we can take a step back and get some more details. Because I'm semi 
>>> confident we're all trying to help Gavin find a solution, preferably before 
>>> he has to shell out more cash for a different cert.
>>> 
>>> - what sort of certificate is it?
>> Ummm dunno - we create all of our own certificates and self-sign them
>> too.
>> 
>>> - where did it come from?
>> Us!
>> 
>>> - does the cert match the host name?
>> Yup sure does.
>> 
>>> - is the cert issued from one of the 'pre trusted' authorities.
>> Nope.
>> 
>>> - is it just an SSL cert or are we talking about client certs too?
>> The directories on the server are protected by certificate
>> authentication that are required by the clients to use the
>> application.
>> 
>>> - etc
>> Our parent company is eClinic. They are an encryption / SSL / PKI
>> Specialist. They perform millions of encrypted medical messaging
>> transactions.
>> 
>> Our certs are provided to us by their infrastructure.
>> There is nothing weird or odd about the certs - they work in IE and
>> Mozilla browsers, the command line tells me they are imported
>> correctly into the java keystore as does the "certman" plug in.
>> 
>> I am sure it will be something simple... but I'll be damned if I can
>> work it out.
>> 
>> Gavin.
>> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "cfaussie" group.
> To post to this group, send email to cfaus...@googlegroups.com.
> To unsubscribe from this group, send email to 
> cfaussie+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/cfaussie?hl=en.
