Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Dean H. Saxe
Verifying the remote cert provides authentication of the remote  
server.  So my guess would be that you didn't install the appropriate  
root certs correctly.


-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
I have always strenuously supported the right of every man to his  
own opinion, however different that opinion might be to mine. He who  
denies another this right makes a slave of himself to his present  
opinion, because he precludes himself the right of changing it.

-- Thomas Paine, 1783


On Oct 24, 2006, at 2:54 PM, Steven Ross wrote:


Anyone used cfhttp with SSL?

Having a really fun time trying to set this up and get it going... I
installed my certificate (at least I think I did it correctly)... I
had to convert it from a PEM file and then I installed it.

However, now I am getting this in CF when I try to cfhttp with SSL:

ErrorDetail: I/O Exception: peer not authenticated





--
Steven Ross
web application  interface developer
http://www.zerium.com
[mobile] 404-488-4364
[fax] 928-484-4364


-
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform


For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-








Re: Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Steven Ross

We got it finally... yeah, the certs were a pain... I'm going to write
up a blog post about the experience. Oh, and FYI, apparently there is a
bug in Java 1.4.x that your key can't be larger than 2048.

On 10/24/06, Dean H. Saxe [EMAIL PROTECTED] wrote:

Verifying the remote cert provides authentication of the remote
server.  So my guess would be that you didn't install the appropriate
root certs correctly.


--
Steven Ross
web application  interface developer
http://www.zerium.com
[mobile] 404-488-4364
[fax] 928-484-4364
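
Added example (not part of the thread and not any poster's code): a pre-flight check with the openssl CLI for the two points raised above, that a certificate chains to the root you are about to trust, and that its RSA key is no larger than the size Steven reports Java 1.4.x accepting. The throwaway CAs, the demo.example.test name, the function names and the keystore path are all constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway CAs and names are constructed; requires the openssl CLI.
set -eu

make_ca() {      # $1 = dir, $2 = file stem, $3 = CN; self-signed root, 2048-bit RSA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {   # $1 = dir, $2 = CA stem, $3 = cert stem, $4 = RSA bits
  openssl req -newkey "rsa:$4" -nodes -subj "/CN=demo.example.test" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

chains_to() {    # $1 = trust anchor PEM, $2 = cert PEM
  # Match the "OK" line rather than relying on the exit status alone.
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted   # root missing from the trust store: the case Dean suspects
  fi
}

rsa_bits() {     # $1 = cert PEM; prints the public key size in bits
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

preflight() {    # $1 = anchor PEM, $2 = cert PEM, $3 = largest RSA size the JVM accepts
  [ "$(chains_to "$1" "$2")" = trusted ] || { echo "reject: no chain to anchor"; return 0; }
  [ "$(rsa_bits "$2")" -le "$3" ] || { echo "reject: key over $3 bits"; return 0; }
  echo ok
}

work=$(mktemp -d)
make_ca "$work" root "Demo Root CA"; make_ca "$work" other "Unrelated Root CA"
issue_cert "$work" root small 2048; issue_cert "$work" root big 4096
preflight "$work/other.pem" "$work/small.pem" 2048   # reject: no chain to anchor
preflight "$work/root.pem"  "$work/small.pem" 2048   # ok
preflight "$work/root.pem"  "$work/big.pem"   2048   # reject: key over 2048 bits

# PEM -> DER, then import the root as a trust anchor (keystore path is a placeholder):
openssl x509 -in "$work/root.pem" -outform DER -out "$work/root.der"
# keytool -import -trustcacerts -alias demo-root -file root.der -keystore <JVM>/lib/security/cacerts
```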



Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Dean H. Saxe
As of today, there should be no need for a key greater than 2048 with  
RSA based cryptosystems.  	


See http://www.keylength.com/ for more info:

All key sizes are provided in bits. These are the minimal sizes for
security.

Click on a value to compare it with other methods.


[... Y]ou may consider using a minimum of 72-bits key for symmetric  
systems (e.g. AES-128) and a minimum of 1024-bits key for asymmetric  
systems (e.g. RSA).


Of course certs and keys expire regularly and hopefully those key  
length requirements will be eliminated the next time around.


-dhs




Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
Great spirits have often encountered violent opposition from weak  
minds.

--Einstein


On Oct 24, 2006, at 3:49 PM, Steven Ross wrote:


We got it finally... yeah, the certs were a pain... I'm going to write
up a blog post about the experience. Oh, and FYI, apparently there is a
bug in Java 1.4.x that your key can't be larger than 2048.


Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Max Immelman

Steven,

I had issues with using a shared cert, but it looks like you are not sharing a
cert. The problem I had was that the application variables were not being
passed on when entering an https page. So I had to come up with a
workaround. But again, I don't think you are sharing a cert.


Max

- Original Message - 
From: Steven Ross [EMAIL PROTECTED]

To: ACFUG ColdFusion Discussion discussion@acfug.org
Sent: Tuesday, October 24, 2006 2:54 PM
Subject: [ACFUG Discuss] cfhttp and SSL



Anyone used cfhttp with SSL?

Having a really fun time trying to set this up and get it going... I
installed my certificate (at least I think I did it correctly)... I
had to convert it from a PEM file and then I installed it.

However, now I am getting this in CF when I try to cfhttp with SSL:

ErrorDetail: I/O Exception: peer not authenticated






Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Dean H. Saxe
Sometimes larger keys are desirable, but in this case it's absolutely
not necessary.


-dhs


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
[U]nconstitutional behavior by the authorities is constrained only  
by the peoples' willingness to contest them

--John Perry Barlow


On Oct 24, 2006, at 4:10 PM, Steven Ross wrote:


Yeah, it was a configuration issue on the cert and converting into
Java's weird format... once we got it installed CF was spitting out
useful errors from Java (at least).

Thanks for the info, Dean... I don't know why a 4k key was generated to
begin with, but good to know a 2k one is plenty.



Re: Re: [ACFUG Discuss] cfhttp and SSL

2006-10-24 Thread Steven Ross

Yeah, it was a configuration issue on the cert and converting into
Java's weird format... once we got it installed CF was spitting out
useful errors from Java (at least).

Thanks for the info, Dean... I don't know why a 4k key was generated to
begin with, but good to know a 2k one is plenty.


On 10/24/06, Max Immelman [EMAIL PROTECTED] wrote:

Steven,

I had issues with using a shared cert, but it looks like you are not sharing a
cert. The problem I had was that the application variables were not being
passed on when entering an https page. So I had to come up with a
workaround. But again, I don't think you are sharing a cert.

Max


--
Steven Ross
web application  interface developer
http://www.zerium.com
[mobile] 404-488-4364
[fax] 928-484-4364

