Re: SSL certificate problem with 3rd party

2014-01-17 Thread Wil Genovese
I was helping Jason with this a bit before he posted here, but didn’t have time to do full tests. I have run into this situation before and that time it ‘automagically’ started working the next day with an unaltered keystore. Arg! So this issue: I have a Win 7 VM with CF8.0.1 fully patched a

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Wil Genovese
Simply stating it works on ColdFusion 10 is meaningless. ColdFusion 10 installs with Java 1.6 by default. So unless you’ve patched CF10 and explicitly installed Java 1.7 and edited your jvm.config to use Java 1.7 you are still on Java 1.6. Wil Genovese Owner / Sr Web Application Developer

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Justin Scott
> FYI, I tried things out on CF 10, and it appears to accept these types of
> certificates without issue.

What's the JVM version you're using on that installation?

-Justin

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Byron Mann
Apologies, Justin is correct. I tested this on one of our CF 8 servers and the host file/IP manipulation worked as stated. I'm so used to dealing with the * certificate issue, I wasn't aware this wasn't the case for the new certificates with the multiple names. FYI, I tried things out on CF 10,

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Justin Scott
> You will need to import the star (*) certificate into the keystore for the
> java instance ColdFusion is running upon.
>
> Basically ColdFusion doesn't like to speak to *.domain.com certificates (I
> think CF10 doesn't mind so much), as it is not an exact match to the URL it
> is attempting to

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Byron Mann
You will need to import the star (*) certificate into the keystore for the java instance ColdFusion is running upon. Basically ColdFusion doesn't like to speak to *.domain.com certificates (I think CF10 doesn't mind so much), as it is not an exact match to the URL it is attempting to access. t

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Justin Scott
> Can anyone provide assistance as to why CF 8.0.1 isn't happy
> with this certificate?

It sounds like they're using a certificate with multiple embedded hostnames (known as alternative names) which is not supported by Java 6. Importing the cert into the java cert cache won't help. You will nee

Re: SSL certificate problem with 3rd party

2014-01-16 Thread John M Bliss
I dealt with this same problem. In my case, solution was to edit hosts file on server(s) so that internetsecure.com and test.internetsecure.com both have the same IP and then, in your cfhttp, use the name that matches the cert.

On Thu, Jan 16, 2014 at 3:05 PM, Jason Durham wrote:
>
> A payment

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Jon Clausen
Is it a 2048 bit cert? I seem to remember CF8 needing a patch to handle those.

Jon

On Jan 16, 2014, at 3:05 PM, Jason Durham wrote:
>
> A payment processor changed one of their certificates which is causing CF
> to throw an exception when we try to connect via CFHTTP using SSL.
>
> The err

Re: SSL certificate problem with 3rd party

2014-01-16 Thread Jake Churchill
If I remember correctly, the JVM keeps its own cache of certificates. I'd search for the commands to remove a cert from the built-in java keystore. It's pretty simple using the keytool app but you might need to restart CF to make it take.

-Jake

On Thu, Jan 16, 2014 at 2:05 PM, Jason Durham

SSL certificate problem with 3rd party

2014-01-16 Thread Jason Durham
A payment processor changed one of their certificates which is causing CF to throw an exception when we try to connect via CFHTTP using SSL. The error message is: *I/O Exception: Name in certificate `internetsecure.com ' does not match host name `test.internetsecure.com