Install SSL certificate in ColdFusion


If you are using self-signed SSL certificates for web services, you may run into the following error:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

If you browse to the URL using Firefox, you will likely get a certificate warning and a prompt that allows you to continue anyway despite the warning. With CF you can’t do this, so you have to add the certificate to the list of “known” certs using the Java keytool.

Instructions:

First – save the certificate to your desktop using Internet Explorer or the Cert Viewer Plus plugin for Firefox.

Then open a command prompt and go to the ColdFusion jre/bin directory:


$ cd /opt/jrun/jre/bin

From here you should have access to the keytool application, which is how you modify the security settings.

You can show all certs:

./keytool -list -storepass changeit -noprompt -keystore ../lib/security/cacerts

Or import a new cert:

./keytool -import -storepass changeit -noprompt -alias mynewcert \
    -keystore ../lib/security/cacerts -trustcacerts -file mynewcert.cer

Explanation of the options:

  • alias – this is a friendly name for the cert that you can specify.
  • storepass – this is the password for the security store. Unless you have already changed it, it will be ‘changeit’.
  • file – this is the certificate file you have downloaded in your browser.

If it reports the following error:

keytool error: java.io.FileNotFoundException: ../lib/security/cacerts (Permission denied)

Check that you have write permissions to the cacerts file.

Note: If you are a Mac user, you may find that ColdFusion does not have a JRE directory installed under JRun. This is because CF uses the OS X Java install, so you will need to run your keytool command from the following directory:

/Library/Java/Home/bin

To find out the location of your Java Home, log in to the CF Administrator and click on Settings Summary.
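
Once a certificate is in cacerts, the JVM treats it as trusted, so it is worth confirming that the file you saved is the one the service owner issued before importing it. The following is an added example, not part of the original post: a shell wrapper around the keytool commands above that refuses to import unless the file's SHA-256 fingerprint matches a value you obtained out of band. The function names are hypothetical; it assumes it is run from the jre/bin directory and that your keytool's -printcert output includes a "SHA256:" line.

```shell
#!/bin/sh
# Added example (not from the original post): pin a certificate's SHA-256
# fingerprint before importing it into the ColdFusion JVM trust store.

# Normalise a fingerprint: drop colons/whitespace, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Return 0 only if the first value is 64 hex digits and both are identical.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Pull the SHA256 fingerprint out of `keytool -printcert` output on stdin.
# Assumption: the fingerprint line has the form "<whitespace>SHA256: AA:BB:..".
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_pinned_cert FILE ALIAS EXPECTED_SHA256 [KEYSTORE]
# The store password and keystore path are the defaults used in the post.
import_pinned_cert() {
    file=$1; cert_alias=$2; expected=$3; store=${4:-../lib/security/cacerts}
    actual=$(./keytool -printcert -file "$file" | extract_sha256)
    if ! fp_matches "$expected" "$actual"; then
        echo "fingerprint mismatch for $file: got '$actual'" >&2
        return 1
    fi
    ./keytool -import -storepass changeit -noprompt -alias "$cert_alias" \
        -keystore "$store" -trustcacerts -file "$file" || return 1
    # Confirm the entry is now present under the chosen alias.
    ./keytool -list -storepass changeit -alias "$cert_alias" -keystore "$store"
}
```

Source the file from jre/bin and call import_pinned_cert mynewcert.cer mynewcert followed by the fingerprint the service owner gave you; a mismatch leaves cacerts untouched.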

Hope it helps and thanks to the other people who have posted about this.
