ColdFusion CFHTTP 和 SSL 证书 [英] ColdFusion CFHTTP and SSL Certs

问题描述

背景:当我尝试使用 CFHTTP 连接到 API 时，我一直遇到连接失败错误消息的问题.在查看 SoapUI 中的 API 时，我注意到有一个按钮 SSL Info (3 certs)，如下所述.当我点击按钮时，会弹出一个复制窗口，其中包含以下标题.

SSL 信息(3 个证书)"

密码套件:对等校长同行证书1:同行证书 2:同行证书 3:

我觉得这些是让我的应用程序正确连接和提取 JSON 的关键.

问题:如何或在何处安装此证书信息.我应该复制窗口中所有 310 行的证书信息并将其放入新文件并保存在某处吗?

任何信息都会很棒.

解决方案

之前已经回答过安装证书的问题了.以下是再次让您免于搜索的步骤...

如果您使用 cfhttp 通过 SSL (https) 连接，那么 ColdFusion 服务器肯定需要安装证书才能成功连接.这是我之前在类似问题上给出的答案:

为了将证书安装到 ColdFusion 的 Java 密钥库，您需要执行以下步骤.首先，确保您正在更新 ColdFusion 正在使用的正确 cacerts 文件.如果您在该服务器上安装了多个 JRE.您可以在系统信息"下从管理员那里验证 JRE ColdFusion 是否正在使用.查找 Java Home 行.

<块引用>

默认信任库是 JRE 的 cacerts 文件.该文件通常位于以下位置:

• 服务器配置:

  cf_root/runtime/jre/lib/security/cacerts

• JRun 4 配置上的多服务器/J2EE:

  jrun_root/jre/lib/security/cacerts

• Sun JDK 安装:

  jdk_root/jre/lib/security/cacerts

• 查阅其他 J2EE 应用服务器和 JVM 的文档

为了安装证书，您首先需要获取证书的副本.这可以通过使用 Internet Explorer 来完成.请注意，不同版本的 Internet Explorer 的行为会略有不同，但应该与这些步骤非常相似.例如，早期版本的 IE 可能会将证书保存在与我提到的不同的选项卡下.

1. 在 Internet Explorer 中浏览到 SSL URL - https://xyz/infoLookup.php?wsdl.
2. 点击锁定图标并点击查看证书查看证书
3. 然后点击安装证书...按钮(注意:如果您没有看到此按钮，您必须先关闭 IE 并以管理员身份运行)
4. 单击 IE 的 Internet 选项，然后单击内容"选项卡
5. 点击证书按钮
6. 在中间证书颁发机构选项卡下找到服务器的证书，选择证书并点击导出...按钮
7. 使用 DER 格式导出

将导出的证书文件复制到您的 ColdFusion 服务器(如果需要，您可以从 IE 中删除证书)

1. 在 ColdFusion 服务器上以管理员身份运行 cmd 提示符
2. 备份原始 cacerts 文件以防遇到问题

<块引用>

keytool 是 Java SDK 的一部分，可以在以下位置找到:

• 服务器配置:

  cf_root/runtime/bin/keytool

• JRun 4 配置上的多服务器/J2EE:

  jrun_root/jre/bin/keytool

• Sun JDK 安装:

  jdk_root/bin/keytool

• 查阅其他 J2EE 应用服务器和 JVM 的文档

安装证书:

1. 将目录更改为您的信任库的位置(cacerts 文件所在的位置)
2. 键入此命令(使用当前 jvm 并使用当前 jvm 的 keytool)"c:program filesjavajre7inkeytool" -import -v -alias your_cert_alias_name -file C:wherever_you_saved_the_filecert_file.cer -keystore cacerts -storepass changeit
3. 在提示信任此证书?"时键入 yes

注意:your_cert_alias_name我上面使用的可以是任何你想要的
注意:C:wherever_you_saved_the_filecert_file.cer将这些值更改为您用于服务器文件夹和证书文件名的任何值

验证证书:

1. 键入此命令(使用当前 jvm 并使用当前 jvm 的 keytool)"c:program filesjavajre7inkeytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

注意:your_cert_alias_name在此处使用与您在上面安装证书时使用的相同名称

重新启动 ColdFusion 服务在您执行此操作之前，它不会读取更新的 cacerts 文件.

您可以根据需要从服务器中删除导入的证书文件.

Background: I have an ongoing problem with a Connection Failure error message when I try connecting to an API using CFHTTP. While reviewing the API in SoapUI I noticed there was a button SSL Info (3 certs) which is outlined below. When I click the button a window of copy pops up with the headlines outlined below.

"SSL Info (3 certs)"

CipherSuite:

PeerPrincipal

Peer Certificate 1:

Peer Certificate 2:

Peer Certificate 3:

I have a feeling these are the key to getting my application to connect and pull the JSON correctly.

Question: How or Where do I install this cert information. Should I copy all 310 lines in the window with the cert information and place it in new file and save it somewhere?

Any info would be great.

解决方案

I have answered the question of installing certificates before. Here are the steps again to save you from searching...

If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:

Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

• Server Configuration:

  cf_root/runtime/jre/lib/security/cacerts

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/lib/security/cacerts

• Sun JDK installation:

  jdk_root/jre/lib/security/cacerts

• Consult documentation for other J2EE application servers and JVMs

In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.

1. Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
2. View the certificate by clicking on the lock icon and clicking view certificate
3. Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
4. Click on IE's Internet Options and click the Content tab
5. Click the Certificates button
6. Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
7. Export using DER format

Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)

1. Run cmd prompt as administrator on the ColdFusion server
2. Make a backup of the original cacerts file in case you run into issues

The keytool is part of the Java SDK and can be found in the following places:

• Server Configuration:

  cf_root/runtime/bin/keytool

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/bin/keytool

• Sun JDK installation:

  jdk_root/bin/keytool

• Consult documentation for other J2EE application servers and JVMs

To install the cert:

1. Change directory to your truststore's location (where the cacerts file is located)
2. Type this command (use current jvm and use current jvm's keytool) "c:program filesjavajre7inkeytool" -import -v -alias your_cert_alias_name -file C:wherever_you_saved_the_filecert_file.cer -keystore cacerts -storepass changeit
3. Type yes at the prompt to "Trust this certificate?"

Note: your_cert_alias_name I used above can be whatever you want
Note: C:wherever_you_saved_the_filecert_file.cer change these values to whatever you use for the server folder and certificate file name

To verify the cert:

1. Type this command (use current jvm and use current jvm's keytool) "c:program filesjavajre7inkeytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

Note: your_cert_alias_name use the same name here that you used above to install the cert

Restart the ColdFusion service It will not read the updated cacerts file until you do this.

You can delete the imported certificate file from the server if you wish.

这篇关于ColdFusion CFHTTP 和 SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！