No announcement yet.

Java vs ColdFusion vs SSL certs

  • Filter
  • Time
  • Show
Clear All
new posts

  • Java vs ColdFusion vs SSL certs

    We have a system which is periodically running a script to capture data from a contractual partner, using XML file transfers through the partner's SSL site. (Separate domains, no possibility of a trust--long story). We have credentials which allow authentication by us through their portal, and we can go through this process manually. We get to the file store as expected, no problem, using IE. But, when we code the process in ColdFusion, we can't authenticate against the portal.

    After much troubleshooting we believe the problem is the partner's SSL site certificate not being installed in our local Java certstore. (ColdFusion relies on the Java certstore, while a manual browse to the site does not.) Viewing the cert paths when manually connected shows the root CA is Go Daddy, and there are 3 levels below that, including the site cert. We have exported all 4 certs from the IE 'Certificates' tool when connected manually, but only the top 3 will import successfully into Java. The last one for the site itself won't import--the 'keytool' command executes but passes an error that the cert isn't a proper x509 cert. Exporting as any of the 3 options (2 CER types or a P7B) yields the same import failure. But remember, it works when using IE with no warnings about certificate problems.

    This code process used to work, but not since Dec '09 as it turns out, and the ColdFusion programmer who's responsible has only just realised! Myself and another domain admin are trying to solve it for him--we don't speak CF, he doesn't speak certs or security in general, none of us speak Java.

    There are commercial issues with requesting a manual transmittal of the cert by the partner to us, so we'd like to try & ident what's wrong with the site cert before we do. Any suggestions MOST appreciated.
    Last edited by RicklesP; 11th February 2011, 21:57.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **