CFHTTP with Client Certificate -- Help
in [Advanced Techniques]
|
Next: mySQL and cftransaction
From: sqlguy on 18 Jan 2006 02:07 love the fast responses!! Thanks a ton! Ok.. here I go... I added port="443" to the call... but I still get the same problem... :( 1. What version of CF are you using? * ColdFusion MX7 2. Are you running on JRun by any chance? * Yes... 3. Next, browse to the secure sight yourself using a browser that is running on your CF server (if at all possible). * I can't... it is a linux box with no GUI. I am able to import the client cert into my PC and hit the pages with no problem. 4. More than one certificate installed / used? * they have a Verisign issued server cert. 5. Costco redirects to different servers/IP's/domain? * from what I can tell, no. It stays on the same URL the entire time. 6. Cert info in browser matches info from the import verification, above? * Yes, it all matches pefectly. 7. Cert is Base64-encoded X.509 format? * Yes, it is 8. Proxy-server information used/needed by browser (if any) matches proxy statements of <cfhttp> tag? * it is not a proxy user/password... it is a secure URL. When the Client Cert matches, it asks you for USER/PASSWORD also... 9. I have attached Costco's own JAVA examples... although I am clueless with Java. I hoped to be able to use CF code to get the job done. Thanks AGAIN!!!!!!! -Mark Server-side coding examples (in Java): Sample java code needed to attach certificate to web service request: Must be running java 1.4.2_04 or greater // Set SSL properties System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol?); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); (the ssl property requires jsse.jar to be in the classpath) // Set Certificate properties System.setProperty("javax.net.ssl.keyStore","C:/some/directory/structure/WebServ iceCertYYYY.pfx"); System.setProperty("javax.net.ssl.keyStorePassword", "extranetYYYY"); System.setProperty("javax.net.ssl.keyStoreType", "pkcs12"); Note: YYYY = current year. You must also set the username/password in each request. In java, we do it in the proxy like this: org.apache.axis.client.Call call = (org.apache.axis.client.Call) super.service.createCall(); call.setUsername("WebServiceXXXXX(a)costco.com"); call.setPassword("XXXXX-999"); Substitute the XXXXX?s above with your costco vendor number in the username and password.
From: MikerRoo on 18 Jan 2006 02:19 The reason I asked about Jrun is that using it, you often have to import into a different store. From tech note 19139: If you are using JRun as the underlying J2EE server (either the Server Configuration or the J2EE with JRun Configuration) and have enabled SSL for the internal JRun web server(JWS), you will need to import the certificate to the truststore defined in the jrun.xml file for the Secure JWS rather than the JRE key store. By default, the file is called "trustStore" and is typically located under jrun_root/lib for the J2EE with JRun configuration or cf_root/runtime/lib for the ColdFusion Server configuration. You will use the same Java keytool to manage the trustStore. If that doesn't get it, I'm stumped. Try searching the knowledge base and tech notes. Anyway, I'm off to bed. Good luck!
From: sqlguy on 18 Jan 2006 02:54 I tried that also... Still the same result, Failure... The CFHTTP is still not sending the correct (or maybe ANY) Client Certificate with it's request to the Costco website. Question... Were you (or anyone for that matter) able to use CFHTTP when a Client Certificate is required, and work correctly? Thank you for your help. Mark T.
From: MikerRoo on 18 Jan 2006 15:22 Yes, we use certs to authenticate many of our internal web services. <CFHTTP> works fine for us in those cases.
From: MikerRoo on 18 Jan 2006 15:39
This may be a time when you should contact Macromedia/Adobe tech support. Or try http://www.cftagstore.com/tags/cfxhttp5.cfm Good luck. |