ColdFusion CFHTTP和SSL证书 [英] ColdFusion CFHTTP and SSL Certs

问题描述

背景：当我尝试使用CFHTTP连接到API时，我遇到了连接失败错误消息的问题。在SoapUI中查看API时，我注意到有一个按钮 SSL信息（3个证书），如下所示。

SSL信息（3个证书）

  CipherSuite：
 
 PeerPrincipal 
 
对等证书1：
 
对等证书2：
 
对等证书3：
  

我有一种感觉我的应用程序连接和正确拉取JSON。

问题：如何或在哪里安装此证书信息。我应该复制窗口中的所有310行与证书信息，并将它放在新的文件，并保存在某个地方？

任何信息将是巨大的。

解决方案

我已经回答了安装证书的问题。

如果您使用 cfhttp 通过SSL连接（https），则ColdFusion服务器肯定需要安装证书才能成功连接。以下是我对类似问题的上一个回答：

以下是为了将证书安装到ColdFusion的Java密钥库而需要执行的步骤。首先，请确保您正在更新ColdFusion正在使用的正确的cacerts文件。如果您在该服务器上安装了多个JRE。您可以验证JRE ColdFusion正在从系统信息下的管理员使用。查找Java Home行。

默认信任库是JRE的cacerts文件。此文件通常位于以下位置：

• 服务器配置：

  $多服务器/ J2EE on JRun 4配置：b
  $ b

  cf_root / runtime / jre / lib / security / cacerts




• 
  
  

  jrun_root / jre / lib / security / cacerts




• Sun JDK安装：

其他J2EE应用程序服务器和JVM的文档

需要先获得证书的副本。这可以通过使用Internet Explorer来完成。请注意，不同版本的Internet Explorer会稍有不同，但应与这些步骤非常相似。例如，早期版本的IE可能会将证书保存在与我提到的不同的标签下。

1. 浏览到SSL网址在Internet Explorer中 - https：//xyz/infoLookup.php？wsdl 。


2. 锁定图标并点击查看证书


3. 然后点击安装证书...按钮（注意：如果没有看到此按钮，必须关闭IE并以管理员身份运行）


4. 点击IE的互联网选项并点击内容标签


5. 点击证书按钮


6. 选择该证书并点击导出...按钮


7. 使用DER格式导出

将导出的证书文件复制到ColdFusion服务器（如果需要，可以从IE中删除证书）

1. 在ColdFusion服务器上以管理员身份运行 cmd


2. 备份原始cacerts文件以防遇到问题
3. 
   





keytool是Java SDK的一部分，可以在以下位置找到：

• 服务器配置：

  
  
  

  cf_root / runtime / bin / keytool




• 多服务器/ J2EE on JRun 4配置：

  
  
  

  jrun_root / jre / bin / keytool




• Sun JDK安装：
  
  

  jdk_root / bin / keytool




• 请参阅其他J2EE应用程序服务器和JVM的文档

要安装证书：

1. 将目录更改为您的信任库位置（cacerts文件所在的位置）


2. 键入此命令（使用当前jvm并使用当前jvm的键toto）c：\program files\java\\ \\ jre7 \bin\keytool-import -v -alias your_cert_alias_name -file C：\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit


3. 在提示下输入yes以信任此证书？

注意： your_cert_alias_name 可以是任何您想要的

注意： C：\wherever_you_saved_the_file\cert_file.cer 将这些值更改为用于服务器文件夹和证书文件名的任何值

要验证证书：

1. 键入此命令（使用当前jvm并使用当前jvm的keytool ）c：\program files\java\jre7\bin\keytool-list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

注意： your_cert_alias_name 使用与上面用于安装证书相同的名称

重新启动ColdFusion服务。在执行此操作之前，它不会读取更新的cacerts文件。

如果您愿意，从服务器导入证书文件。

Background: I have an ongoing problem with a Connection Failure error message when I try connecting to an API using CFHTTP. While reviewing the API in SoapUI I noticed there was a button SSL Info (3 certs) which is outlined below. When I click the button a window of copy pops up with the headlines outlined below.

"SSL Info (3 certs)"

CipherSuite:

PeerPrincipal

Peer Certificate 1:

Peer Certificate 2:

Peer Certificate 3:

I have a feeling these are the key to getting my application to connect and pull the JSON correctly.

Question: How or Where do I install this cert information. Should I copy all 310 lines in the window with the cert information and place it in new file and save it somewhere?

Any info would be great.

解决方案

I have answered the question of installing certificates before. Here are the steps again to save you from searching...

If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:

Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

• Server Configuration:

  cf_root/runtime/jre/lib/security/cacerts

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/lib/security/cacerts

• Sun JDK installation:

  jdk_root/jre/lib/security/cacerts

• Consult documentation for other J2EE application servers and JVMs

In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.

1. Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
2. View the certificate by clicking on the lock icon and clicking view certificate
3. Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
4. Click on IE's Internet Options and click the Content tab
5. Click the Certificates button
6. Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
7. Export using DER format

Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)

1. Run cmd prompt as administrator on the ColdFusion server
2. Make a backup of the original cacerts file in case you run into issues

The keytool is part of the Java SDK and can be found in the following places:

• Server Configuration:

  cf_root/runtime/bin/keytool

• Multiserver/J2EE on JRun 4 Configuration:

  jrun_root/jre/bin/keytool

• Sun JDK installation:

  jdk_root/bin/keytool

• Consult documentation for other J2EE application servers and JVMs

To install the cert:

1. Change directory to your truststore's location (where the cacerts file is located)
2. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -import -v -alias your_cert_alias_name -file C:\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit
3. Type yes at the prompt to "Trust this certificate?"

Note: your_cert_alias_name I used above can be whatever you want
Note: C:\wherever_you_saved_the_file\cert_file.cer change these values to whatever you use for the server folder and certificate file name

To verify the cert:

1. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

Note: your_cert_alias_name use the same name here that you used above to install the cert

Restart the ColdFusion service It will not read the updated cacerts file until you do this.

You can delete the imported certificate file from the server if you wish.

这篇关于ColdFusion CFHTTP和SSL证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！