9 Replies - 7927 Views - Last Post: 20 May 2014 - 10:28 AM

#1 _WolfShade_

SSL/TLS via CFHTTP

Posted 14 May 2014 - 07:44 AM

Hello, everyone,

I'm trying to get CFHTTP to work with SSL/TLS, and I'm banging my head into a wall.

I know that I have to get one server to 'trust' the connection, but I'm not sure how to go about it.

I'm trying to get this to work in two environments, dev and production.

On the dev side, I've got my own CF installation (CF10) and a 'community' CF installation (CF9). The script that I'm writing is attempting to use CFHTTP from my local install to the community install, on the dev side (there are going to be two servers in production that have to do the same thing.)

How do I programmatically get the trust to work?

V/r,

^_^


Replies To: SSL/TLS via CFHTTP

#2 Craig328

Posted 14 May 2014 - 07:47 AM

When you say it's not working, what kind of error message are you getting?

#3 _WolfShade_

Posted 14 May 2014 - 08:09 AM

All the browser (for testing) displays is "Connection Failure", nothing else.

V/r,

^_^

#4 _WolfShade_

Posted 14 May 2014 - 12:17 PM

I've Googled for it, and I'm seeing instructions for importing a cert into your keystore. Unfortunately, on the dev-side it's a self-signed cert that expired three years ago. :wheelchair:

The person who can create an updated cert is out all week. :nervous:

.. and, of course, it needs to be completed yesterday. :gun_bandana:

Sigh.

#5 Craig328

Posted 14 May 2014 - 06:31 PM

If you're using a Linux server, I want to say I recall a way of generating a self-signed cert.

...but I also recall that if it's a Windows box...yer kinda screwed.

#6 _WolfShade_

Posted 15 May 2014 - 05:44 AM

It's a WinBlows machine.

V/r,

^_^

#7 _WolfShade_

Posted 15 May 2014 - 06:34 AM

Maybe I'm misunderstanding it (quite possible), but could there be a programmatic way of creating a trust between two servers? I see the CFHTTP tag has attributes clientCert and clientCertPassword. Can these be used for authenticating and establishing the trust?

V/r,

^_^

#8 Craig328

Posted 15 May 2014 - 06:37 AM

I don't think so. The issue (if I understood it correctly the few times I've had to deal with it) is outside of CF. It has more to do with, in your case, IIS.

#9 _WolfShade_

Posted 15 May 2014 - 06:44 AM

Apache under Windows. At least, I think it is.

^_^

#10 _WolfShade_

Posted 20 May 2014 - 10:28 AM

Okay.. this is really starting to annoy me.

I spoke with our SA and requested to have the target server certificate imported into the trusted keystore of the originating server. Once done, I tried it, and got the same message that is in the attached image (PNG).

What am I missing??

V/r,

^_^
