ColdFusion https 连接失败 [英] ColdFusion https connection failure

问题描述

我有一个 API 在我的两台 Web 服务器之一上运行良好，但在另一台或本地计算机上运行不正常，相反，当我在登录过程中发送 https 请求时连接失败.

请求非常简单，可以在运行它的三台服务器之一上正常运行.第一个如下:

<cfhttp url="https://accounts.ea.com/connect/auth?response_type=code&client_id=EASFC-web&state=59c5a8f1c4e7a991c1da0b54504c38e45f4d8d78&redirect_uri=http%3A%2F%2Fwww.easports.com%2Ffifa%2Ffootball-club%2Flogin_check&locale=uk&scope=basic.identity+basic.persona+signin+offline "method="GET" result="Stage2" redirect="false"><cfhttpparam type="header" name="Accept" value="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"/><cfhttpparam type="header" name="Accept-Encoding" value="gzip, deflate"/><cfhttpparam type="header" name="Accept-Language" value="en-US, en;q=0.5"/><cfhttpparam type="header" name="Connection" value="keep-alive"/><cfhttpparam type="header" name="Host" value="accounts.ea.com"/><cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"/></cfhttp>

我看过了，这似乎是一个常见问题，但 这个修复没有带来任何乐趣.

我假设我可能忽略了一些安全设置?如果有帮助，我可以在本地计算机上的浏览器中点击该页面并登录.

有人有什么建议吗?

这是 CFDUMP 中返回的内容:

调试信息ColdFusion 服务器开发人员 9,0,0,251028模板/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm时间戳 09-Dec-13 11:40 AM语言环境英语(英国)用户代理 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0远程 IP 127.0.0.1主机名 127.0.0.1________________________________________执行时间处理时间总时间平均时间计数模板608 毫秒 608 毫秒 1 C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfm5 毫秒 5 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBApplication.cfc |onRequestStart(/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBApplication.cfc1 毫秒 1 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsPlayer.cfc |init([复数]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsPlayer.cfc0 毫秒 0 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsBid.cfc |init([复数值]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsBid.cfc0 毫秒 0 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsClub.cfc |init([复数]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsClub.cfc0 毫秒 0 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsConnect.cfc |init([复数]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsConnect.cfc0 毫秒 0 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsSearch.cfc |init([复数]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsSearch.cfc0 毫秒 0 毫秒 1 CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsdoLogin.cfc |init([复数值]) ] 来自 C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsdoLogin.cfc4 ms 启动、解析、编译、加载和关掉617 毫秒总执行时间红色 = 超过 250 毫秒的平均执行时间________________________________________范围变量CGI 变量:AUTH_PASSWORD=AUTH_TYPE=AUTH_USER=CERT_COOKIE=CERT_FLAGS=CERT_ISSUER=CERT_KEYSIZE=CERT_SECRETKEYSIZE=CERT_SERIALNUMBER=CERT_SERVER_ISSUER=CERT_SERVER_SUBJECT=CERT_SUBJECT=CF_TEMPLATE_PATH=C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfm内容长度=内容类型=上下文路径=GATEWAY_INTERFACE=HTTPS=HTTPS_KEYSIZE=HTTPS_SECRETKEYSIZE=HTTPS_SERVER_ISSUER=HTTPS_SERVER_SUBJECT=HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8HTTP_ACCEPT_ENCODING=gzip，放气HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5HTTP_CONNECTION=保持活动状态HTTP_COOKIE=cf_debug_general=块；cf_debug_template_stack=块；CFID=15108；CFTOKEN=12249080；CFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWlu；CFADMIN_LASTPAGE_ADMIN=%2FCFIDE%2Fadministrator%2Fdebugging%2Findex%2EcfmHTTP_HOST=127.0.0.1:8500HTTP_REFERER=HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0路径信息=PATH_TRANSLATED=C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfmQUERY_STRING=重新初始化=1远程地址=127.0.0.1远程主机=127.0.0.1远程用户=REQUEST_METHOD=GETSCRIPT_NAME=/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfmSERVER_NAME=127.0.0.1服务器端口=8500SERVER_PORT_SECURE=0SERVER_PROTOCOL=HTTP/1.1服务器软件=WEB_SERVER_API=Cookie 变量:CFADMIN_LASTPAGE_ADMIN=/CFIDE/administrator/debugging/index.cfmCFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWluCFID=15108CFTOKEN=12249080cf_debug_general=块cf_debug_template_stack=块会话变量:出价账户登录=0出价帐户登录尝试=0cfid=15108cftoken=12249080主账户登录=0mainaccountloginattempts=0定价帐户登录=0定价帐户登录尝试=0searchaccount10loggedin=0searchaccount10loginattempts=0searchaccount11loggedin=0searchaccount11loginattempts=0searchaccount12loggedin=0searchaccount12loginattempts=0searchaccount13loggedin=0searchaccount13loginattempts=0searchaccount14loggedin=0searchaccount14loginattempts=0searchaccount15loggedin=0searchaccount15loginattempts=0searchaccount16loggedin=0searchaccount16loginattempts=0searchaccount17gamertag=ZappyShrimp8searchaccount17loggedin=0searchaccount17loginattempts=0searchaccount18loggedin=0searchaccount18loginattempts=0searchaccount19loggedin=0searchaccount19loginattempts=0searchaccount1loggedin=0searchaccount1loginattempts=0searchaccount20loggedin=0searchaccount20loginattempts=0searchaccount21loggedin=0searchaccount21loginattempts=0searchaccount22loggedin=0searchaccount22loginattempts=0searchaccount23loggedin=0searchaccount23loginattempts=0searchaccount24loggedin=0searchaccount24loginattempts=0searchaccount25loggedin=0searchaccount25loginattempts=0searchaccount26lo​​ggedin=0searchaccount26lo​​ginattempts=0searchaccount27loggedin=0searchaccount27loginattempts=0searchaccount28loggedin=0searchaccount28loginattempts=0searchaccount29loggedin=0searchaccount29loginattempts=0searchaccount2loggedin=0searchaccount2loginattempts=0searchaccount30loggedin=0searchaccount30loginattempts=0searchaccount3loggedin=0searchaccount3loginattempts=0searchaccount4loggedin=0searchaccount4loginattempts=0searchaccount5loggedin=0searchaccount5loginattempts=0searchaccount6loggedin=0searchaccount6loginattempts=0searchaccount8loggedin=0searchaccount8loginattempts=0sessionid=FIFAAUTOBUYER_15108_12249080urltoken=CFID=15108&CFTOKEN=12249080网址参数:重新初始化=1调试渲染时间:21 毫秒

CFDUMP 阶段 2:

结构字符集 [空字符串]ErrorDetail I/O 异常:对等体未通过身份验证文件内容连接失败标头 [空字符串]Mimetype 无法确定文件的 MIME 类型.响应头结构 [空]状态码连接失败.状态码不可用.文本是

解决方案

如果您使用 cfhttp 通过 SSL (https) 连接，那么 ColdFusion 服务器肯定需要安装证书才能成功连接.这是我之前在类似问题上给出的答案:

为了将证书安装到 ColdFusion 的 Java 密钥库，您需要执行以下步骤.首先，确保您正在更新 ColdFusion 正在使用的正确 cacerts 文件.如果您在该服务器上安装了多个 JRE.您可以在系统信息"下从管理员那里验证 JRE ColdFusion 是否正在使用.查找 Java Home 行.

<块引用>

默认信任库是 JRE 的 cacerts 文件.该文件通常位于以下位置:

• 服务器配置:

  cf_root/runtime/jre/lib/security/cacerts

• JRun 4 配置上的多服务器/J2EE:

  jrun_root/jre/lib/security/cacerts

• Sun JDK 安装:

  jdk_root/jre/lib/security/cacerts

• 查阅其他 J2EE 应用服务器和 JVM 的文档

为了安装证书，您首先需要获取证书的副本.这可以通过使用 Internet Explorer 来完成.请注意，不同版本的 Internet Explorer 的行为会略有不同，但应该与这些步骤非常相似.例如，早期版本的 IE 可能会将证书保存在与我提到的不同的选项卡下.

1. 在 Internet Explorer 中浏览到 SSL URL - https://xyz/infoLookup.php?wsdl.
2. 点击锁定图标并点击查看证书查看证书
3. 然后点击安装证书...按钮(注意:如果您没有看到此按钮，您必须先关闭 IE 并以管理员身份运行)
4. 单击 IE 的 Internet 选项，然后单击内容"选项卡
5. 点击证书按钮
6. 在中间证书颁发机构选项卡下找到服务器的证书，选择证书并点击导出...按钮
7. 使用 DER 格式导出

将导出的证书文件复制到您的 ColdFusion 服务器(如果需要，您可以从 IE 中删除证书)

1. 在 ColdFusion 服务器上以管理员身份运行 cmd 提示符
2. 备份原始 cacerts 文件以防遇到问题

<块引用>

keytool 是 Java SDK 的一部分，可以在以下位置找到:

• 服务器配置:

  cf_root/runtime/bin/keytool

• JRun 4 配置上的多服务器/J2EE:

  jrun_root/jre/bin/keytool

• Sun JDK 安装:

  jdk_root/bin/keytool

• 查阅其他 J2EE 应用服务器和 JVM 的文档

安装证书:

1. 将目录更改为您的信任库的位置(cacerts 文件所在的位置)
2. 键入此命令(使用当前 jvm 并使用当前 jvm 的 keytool)"c:program filesjavajre7inkeytool" -import -v -alias your_cert_alias_name -file C:wherever_you_saved_the_filecert_file.cer -keystore cacerts -storepass changeit
3. 在提示信任此证书?"时键入 yes

注意:我上面使用的 *your_cert_alias_name* 可以是任何你想要的
注意:*C:wherever_you_saved_the_filecert_file.cer* 将这些值更改为您用于服务器文件夹和证书文件名的任何值

验证证书:

1. 键入此命令(使用当前 jvm 并使用当前 jvm 的 keytool)"c:program filesjavajre7inkeytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

注意:*your_cert_alias_name* 在此处使用您在上面安装证书时使用的相同名称

重新启动 ColdFusion 服务在您执行此操作之前，它不会读取更新的 cacerts 文件.

您可以根据需要从服务器中删除导入的证书文件.

I have an API that runs fine on one of my two web servers but not on the other one or on my local machine, instead I get a connection failure when I send https requests as part the login process.

The requests are very simple and works without a problem on one of the three servers it is being run on. The first one is as follows:

<cfhttp url="https://accounts.ea.com/connect/auth?response_type=code&client_id=EASFC-web&state=59c5a8f1c4e7a991c1da0b54504c38e45f4d8d78&redirect_uri=http%3A%2F%2Fwww.easports.com%2Ffifa%2Ffootball-club%2Flogin_check&locale=uk&scope=basic.identity+basic.persona+signin+offline " method="GET" result="Stage2" redirect="false">
    <cfhttpparam type="header" name="Accept" value="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" />
    <cfhttpparam type="header" name="Accept-Encoding" value="gzip, deflate" />
    <cfhttpparam type="header" name="Accept-Language" value="en-US, en;q=0.5" />
    <cfhttpparam type="header" name="Connection" value="keep-alive" />
    <cfhttpparam type="header" name="Host" value="accounts.ea.com" />
    <cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" />
</cfhttp>

I've had a look and this seems to be a common issue but this fix provided no joy.

I'm assuming there's some security setting that I am perhaps overlooking? I'm able to hit the page and login within the browser on my local machine if that helps.

Does anyone have any advice?

This is what is returned in a CFDUMP:

Debugging Information 
ColdFusion Server Developer 9,0,0,251028
Template    /CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm
Time Stamp  09-Dec-13 11:40 AM
Locale  English (UK)
User Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Remote IP   127.0.0.1
Host Name   127.0.0.1
________________________________________
Execution Time
Total Time  Avg Time    Count   Template
608 ms  608 ms  1   C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfm
5 ms    5 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBApplication.cfc | onRequestStart(/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBApplication.cfc
1 ms    1 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsPlayer.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsPlayer.cfc
0 ms    0 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsBid.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsBid.cfc
0 ms    0 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsClub.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsClub.cfc
0 ms    0 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsConnect.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsConnect.cfc
0 ms    0 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsSearch.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsSearch.cfc
0 ms    0 ms    1   CFC[ C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsdoLogin.cfc | init([complex value]) ] from C:ServiceswebwwwrootCraigTestFUTFIFACPBcfcsdoLogin.cfc
4 ms        STARTUP, PARSING, COMPILING, LOADING, & SHUTDOWN
617 ms      TOTAL EXECUTION TIME
red = over 250 ms average execution time 
________________________________________
Scope Variables
CGI Variables:
AUTH_PASSWORD=
AUTH_TYPE=
AUTH_USER=
CERT_COOKIE=
CERT_FLAGS=
CERT_ISSUER=
CERT_KEYSIZE=
CERT_SECRETKEYSIZE=
CERT_SERIALNUMBER=
CERT_SERVER_ISSUER=
CERT_SERVER_SUBJECT=
CERT_SUBJECT=
CF_TEMPLATE_PATH=C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfm
CONTENT_LENGTH=
CONTENT_TYPE=
CONTEXT_PATH=
GATEWAY_INTERFACE=
HTTPS=
HTTPS_KEYSIZE=
HTTPS_SECRETKEYSIZE=
HTTPS_SERVER_ISSUER=
HTTPS_SERVER_SUBJECT=
HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5
HTTP_CONNECTION=keep-alive
HTTP_COOKIE=cf_debug_general=block; cf_debug_template_stack=block; CFID=15108; CFTOKEN=12249080; CFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWlu; CFADMIN_LASTPAGE_ADMIN=%2FCFIDE%2Fadministrator%2Fdebugging%2Findex%2Ecfm
HTTP_HOST=127.0.0.1:8500
HTTP_REFERER=
HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
PATH_INFO=
PATH_TRANSLATED=C:ServiceswebwwwrootCraigTestFUTFIFACPBlogInSearchAccount17.cfm
QUERY_STRING=reinit=1
REMOTE_ADDR=127.0.0.1
REMOTE_HOST=127.0.0.1
REMOTE_USER=
REQUEST_METHOD=GET
SCRIPT_NAME=/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm
SERVER_NAME=127.0.0.1
SERVER_PORT=8500
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=
WEB_SERVER_API=
Cookie Variables:
CFADMIN_LASTPAGE_ADMIN=/CFIDE/administrator/debugging/index.cfm
CFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWlu
CFID=15108
CFTOKEN=12249080
cf_debug_general=block
cf_debug_template_stack=block
Session Variables:
biddingaccountloggedin=0
biddingaccountloginattempts=0
cfid=15108
cftoken=12249080
mainaccountloggedin=0
mainaccountloginattempts=0
pricingaccountloggedin=0
pricingaccountloginattempts=0
searchaccount10loggedin=0
searchaccount10loginattempts=0
searchaccount11loggedin=0
searchaccount11loginattempts=0
searchaccount12loggedin=0
searchaccount12loginattempts=0
searchaccount13loggedin=0
searchaccount13loginattempts=0
searchaccount14loggedin=0
searchaccount14loginattempts=0
searchaccount15loggedin=0
searchaccount15loginattempts=0
searchaccount16loggedin=0
searchaccount16loginattempts=0
searchaccount17gamertag=ZappyShrimp8
searchaccount17loggedin=0
searchaccount17loginattempts=0
searchaccount18loggedin=0
searchaccount18loginattempts=0
searchaccount19loggedin=0
searchaccount19loginattempts=0
searchaccount1loggedin=0
searchaccount1loginattempts=0
searchaccount20loggedin=0
searchaccount20loginattempts=0
searchaccount21loggedin=0
searchaccount21loginattempts=0
searchaccount22loggedin=0
searchaccount22loginattempts=0
searchaccount23loggedin=0
searchaccount23loginattempts=0
searchaccount24loggedin=0
searchaccount24loginattempts=0
searchaccount25loggedin=0
searchaccount25loginattempts=0
searchaccount26loggedin=0
searchaccount26loginattempts=0
searchaccount27loggedin=0
searchaccount27loginattempts=0
searchaccount28loggedin=0
searchaccount28loginattempts=0
searchaccount29loggedin=0
searchaccount29loginattempts=0
searchaccount2loggedin=0
searchaccount2loginattempts=0
searchaccount30loggedin=0
searchaccount30loginattempts=0
searchaccount3loggedin=0
searchaccount3loginattempts=0
searchaccount4loggedin=0
searchaccount4loginattempts=0
searchaccount5loggedin=0
searchaccount5loginattempts=0
searchaccount6loggedin=0
searchaccount6loginattempts=0
searchaccount8loggedin=0
searchaccount8loginattempts=0
sessionid=FIFAAUTOBUYER_15108_12249080
urltoken=CFID=15108&CFTOKEN=12249080
URL Parameters:
reinit=1
Debug Rendering Time: 21 ms

CFDUMP STAGE2:

struct
Charset     [empty string]
ErrorDetail     I/O Exception: peer not authenticated
Filecontent     Connection Failure
Header  [empty string]
Mimetype    Unable to determine MIME type of file.
Responseheader  
struct [empty]
Statuscode  Connection Failure. Status code unavailable.
Text    YES 

解决方案

If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:

Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

• Server Configuration:

  cf_root/runtime/jre/lib/security/cacerts

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/lib/security/cacerts

• Sun JDK installation:

  jdk_root/jre/lib/security/cacerts

• Consult documentation for other J2EE application servers and JVMs

In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.

1. Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
2. View the certificate by clicking on the lock icon and clicking view certificate
3. Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
4. Click on IE's Internet Options and click the Content tab
5. Click the Certificates button
6. Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
7. Export using DER format

Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)

1. Run cmd prompt as administrator on the ColdFusion server
2. Make a backup of the original cacerts file in case you run into issues

The keytool is part of the Java SDK and can be found in the following places:

• Server Configuration:

  cf_root/runtime/bin/keytool

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/bin/keytool

• Sun JDK installation:

  jdk_root/bin/keytool

• Consult documentation for other J2EE application servers and JVMs

To install the cert:

1. Change directory to your truststore's location (where the cacerts file is located)
2. Type this command (use current jvm and use current jvm's keytool) "c:program filesjavajre7inkeytool" -import -v -alias your_cert_alias_name -file C:wherever_you_saved_the_filecert_file.cer -keystore cacerts -storepass changeit
3. Type yes at the prompt to "Trust this certificate?"

Note: *your_cert_alias_name* I used above can be whatever you want
Note: *C:wherever_you_saved_the_filecert_file.cer* change these values to whatever you use for the server folder and certificate file name

To verify the cert:

1. Type this command (use current jvm and use current jvm's keytool) "c:program filesjavajre7inkeytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

Note: *your_cert_alias_name* use the same name here that you used above to install the cert

Restart the ColdFusion service It will not read the updated cacerts file until you do this.

You can delete the imported certificate file from the server if you wish.

这篇关于ColdFusion https 连接失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！