How to enable webservice call over HTTPS with self-signed cert in ColdFusion 9?

According to the doc, <cfhttp> should work, but how about <cfinvoke>?

If I use cfhttp, do I still need to install the cert as outlined here? http://kb2.adobe.com/cps/400/kb400977.html

I tried simply using https in cfinvoke, but I got an SSLPeerUnverifiedException: peer not authenticated exception.

Thanks

+2  A: 

> If I use cfhttp, do I still need to install the cert as outlined here? http://kb2.adobe.com/cps/400/kb400977.html

Yes.

For secure connections to remote servers over SSL, all current versions of ColdFusion require the remote system's SSL certificate to exist in ColdFusion's certificate truststore.

That would include both cfhttp and cfinvoke.

Simply put, there is no way around importing the certificate into the truststore when it is self-signed.

Adam Tuttle
Thanks, but I have a question: when should cfhttp's clientCert & clientCertPassword be used, then? Is it different from the SSL cert?
Henry
Henry, SSL can work both ways. One of the purposes of SSL is to verify the identity of the server (which is why using a self-signed cert is considered a bad practice, because anyone can make one). Well, it works the other way too. The server can require the client to provide a certificate to verify its identity. That way the server can know that it is talking to an authorized party. That is when you would use the client cert attributes in cfhttp.
Jason Dean
@Jason, thanks! Is there any tutorial on how to set up a client cert?
Henry
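
The truststore import the answer refers to, as an added example that is not part of the original thread or of Adobe's documentation: shell helpers that fetch the server's self-signed certificate, compare its SHA-256 fingerprint with one obtained out of band from the service owner, and only then import it with keytool. The host name, alias and truststore path are placeholder assumptions; `changeit` is the JVM's default truststore password.

```shell
#!/bin/sh
# Added example: pin, then import, a self-signed server certificate into the
# truststore of the JVM that runs ColdFusion. Hosts and paths are placeholders.

# Fetch the certificate the server presents (PEM) without trusting it yet.
fetch_cert() {  # usage: fetch_cert host port out.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_sha256() {  # usage: cert_sha256 cert.pem
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Import only when the fingerprint equals the value the service owner gave
# you over a separate channel; a self-signed cert has no CA vouching for it.
import_pinned_cert() {  # usage: import_pinned_cert cert.pem expected_fp alias keystore storepass
    actual=$(cert_sha256 "$1")
    [ -n "$actual" ] || { echo "cannot read certificate: $1" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$3" -file "$1" \
        -keystore "$4" -storepass "$5"
}

# Succeeds if the alias is present in the truststore.
is_trusted() {  # usage: is_trusted alias keystore storepass
    keytool -list -alias "$1" -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

# Typical use (placeholder values; CF_JRE is the JRE your ColdFusion instance runs on):
#   fetch_cert ws.example.internal 443 /tmp/ws.pem
#   import_pinned_cert /tmp/ws.pem "$FP_FROM_OWNER" ws-example \
#       "$CF_JRE/lib/security/cacerts" changeit
#   is_trusted ws-example "$CF_JRE/lib/security/cacerts" changeit
# Restart ColdFusion afterwards so the JVM rereads the truststore.
```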