views:

850

answers:

2

I'm currently working with a payment processor. I can browse to the payment URL from our server, so it's not a firewall issue, but when I try to use CFHTTP I get a I/O Exception: peer not authenticated. I've downloaded and installed their latest security cert into cacerts keystore and restarted CF and am still getting the same error. Not only have I installed the providers cert, but also the 2 other Verisign certificate authority certs in the certificate chain. The cert is one of the newer Class 3 Extended Validation certs.

Has anybody come across this before and found a solution?

Thanks in advance for your answers.

+2  A: 

Did you add it to the correct keystore? Remember that ColdFusion uses it's own Java instance. I spent several hours on this once before remembering that fact. The one you want is at somewhere like /ColdFusion8/runtime/jre/lib/security/

ryber
Hi Ryber, that's where I added them.I've added others prior to this and it's always worked. Thanks.
Bazza
Maybe you're missing one of the certs up the chain, and Java is complaining because it can't verify the authenticity of the signer(s) ?
Sixten Otto
Hi Sixteen Otto, I've installed all 3 certs in the chain, still not working!
Bazza
A: 

Having the same issue, did you ever get it resolved?

Edit (from sparrow): http://forums.adobe.com/thread/515227 - Ian reminds us that if we run keytool from the jre/bin directory, it will create a new cacerts there instead of updating the cacerts in the jre/lib/security.

Even with this and another jrun restart, I'm still getting the same error :(

sparrow
Sorry, nope, not resolved as yet.
Bazza
I caved and bought cfx_http5. It was a bit of a change (you have to read the docs) but it works like a charm. (http://www.cftagstore.com/tags/cfxhttp5.cfm)
sparrow
Thanks for that sparrow, I also evaluated then purchased cfx_http5 and all is working nicely now.
Bazza