通过SSL的CFHTTP [英] CFHTTP Over SSL
问题描述
我试图使用ColdFusion CFHTTP
标记从服务器通过SSL检索文件没有成功。我们的环境是Linux使用服务器配置。所使用的密钥库位于 cf_root / runtime / jre / lib / security / cacerts
。我从目标服务器检索X.509证书(DER格式),并将其导出到一个文件。在我们的服务器上,在cacerts所在的文件夹中,我将此证书导入我们的cacerts密钥库:
I'm trying to retrieve files from a server over SSL using the ColdFusion CFHTTP
tag with no success. Our environment is Linux using the Server Configuration. The keystore used is at cf_root/runtime/jre/lib/security/cacerts
. I retrieved X.509 certificate (in DER format) from the target server and exported it to a file. On our server, in the folder where cacerts resides, I imported this cert into our cacerts keystore:
keytool -import -alias certAlias -file pathToX509Cert -keystore cacerts -storepass blahPass
keytool -import -alias certAlias -file pathToX509Cert -keystore cacerts -storepass blahPass
并重新启动ColdFusion。但是,我们仍然得到I / O异常:对等体未认证错误。我甚至尝试将同一个证书导入到 cf_root / runtime / lib / trustStore
中的trustStore并重新启动ColdFusion。结果相同。有没有别的,我错过了?我甚至尝试过Raymond Camden的
and restarted ColdFusion. Yet, we're still getting the "I/O Exception: peer not authenticated" error. I even tried importing the same cert into the trustStore at cf_root/runtime/lib/trustStore
and restarting ColdFusion. Same result. Is there something else I'm missing? I've even tried Raymond Camden's workaround with no luck.
推荐答案
根据您正在运行的CF的版本,解决方法发布者Ray是唯一的解决方案。导入证书在某些情况下可以正常工作,但如果您正在访问通配符SSL证书,我从来无法在CF8或更低版本上使用它。
Depending on the version of CF you're running, the workaround posted by Ray is the only solution. Importing the certificate can work in some cases but if you're accessing a wildcard SSL certificate, I have never been able to get it to work on CF8 or below.
参考,将修复这个的代码是:
For reference, the code that will fix this is:
<cfset objSecurity = createObject("java", "java.security.Security") />
<cfset storeProvider = objSecurity.getProvider("JsafeJCE") />
<cfset objSecurity.removeProvider("JsafeJCE") />
如果这不适合您,您可以发布您尝试访问的网址,检查证书?
If this is not working for you, can you post the URL you are trying to access so we can inspect the certificate?
FWIW,你通常可以在cfcatch中使用类型COM.Allire.ColdFusion.HTTPFailure捕获此失败。
FWIW, you can generally catch this failure in a cfcatch using type "COM.Allaire.ColdFusion.HTTPFailure".
这篇关于通过SSL的CFHTTP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!