tags:

views:

850

answers:

2
+1  Q: 

ColdFusion CFHTTP I/O Exception: peer not authenticated - even after adding certs to Keystore

I'm currently working with a payment processor. I can browse to the payment URL from our server, so it's not a firewall issue, but when I try to use CFHTTP I get a I/O Exception: peer not authenticated. I've downloaded and installed their latest security cert into cacerts keystore and restarted CF and am still getting the same error. Not only have I installed the providers cert, but also the 2 other Verisign certificate authority certs in the certificate chain. The cert is one of the newer Class 3 Extended Validation certs.

Has anybody come across this before and found a solution?

Thanks in advance for your answers.

+2  A: 

Did you add it to the correct keystore? Remember that ColdFusion uses it's own Java instance. I spent several hours on this once before remembering that fact. The one you want is at somewhere like /ColdFusion8/runtime/jre/lib/security/

ryber  2009-10-23 12:52:04
Hi Ryber, that's where I added them.I've added others prior to this and it's always worked. Thanks.
Bazza  2009-10-23 12:59:30
Maybe you're missing one of the certs up the chain, and Java is complaining because it can't verify the authenticity of the signer(s) ?
Sixten Otto  2009-11-18 05:10:02
Hi Sixteen Otto, I've installed all 3 certs in the chain, still not working!
Bazza  2009-12-16 16:05:27
A: 

Having the same issue, did you ever get it resolved?

Edit (from sparrow): http://forums.adobe.com/thread/515227 - Ian reminds us that if we run keytool from the jre/bin directory, it will create a new cacerts there instead of updating the cacerts in the jre/lib/security.

Even with this and another jrun restart, I'm still getting the same error :(

sparrow  2009-11-18 05:04:38
Sorry, nope, not resolved as yet.
Bazza  2009-12-16 16:06:08
I caved and bought cfx_http5. It was a bit of a change (you have to read the docs) but it works like a charm. (http://www.cftagstore.com/tags/cfxhttp5.cfm)
sparrow  2009-12-29 03:20:21
Thanks for that sparrow, I also evaluated then purchased cfx_http5 and all is working nicely now.
Bazza  2010-01-14 09:03:53

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication