Tech Sharing

Tech Sharing

Advertisement

Import the server or CA certification in coldfusion server

By on September 15, 2010

Last whole week working with a project which involve the integration with 3th party API through the HTTPS secure channel using coldfusion CFHTTP. I come across with the following error message:


I/O Exception: peer not authenticated


Try to Google it for some time and find out that I need to import the 3th party certificate into my Coldfusion server by using some keytool certificate import tools. Trying few times but still can’t get it work until I found a blog which showing a very effective way and free tools for import the certificate.


These instructions are for Windows based machines but the concepts and tools should work on Mac or Unix based platforms.


1. Install tools

Download and install Portecle JVM certificate manager

(portecle-1.5.zip) You do not need the source (src) version

https://sourceforge.net/projects/portecle

The easiest way to install Portecle is to unzip the contents of the zip file to a directory such as C:Program Filesportecle-1.5 Then find the file “Portecle.jar”, right click it and send it to your desktop as a shortcut. You can then use this shortcut to launch Portecle. (optionally you can also change the name of the shortcut and change the icon to use the portecle.ico file for the icon)


2. Extract the certificate

The easy way to get the certificate is ask from the issuer, but if you unable to do so, you may have another alternative solution which you open the https page in your browser and double click on the lock logo at bottom left of the browser (the lock appear just beside the url addrss for Google Chrome)


Double click on the lock –> click the certificate information button –> go to details –> click the copy to file button –> Follow the wizard and select the base-64 encoded X.509 (.cer) format –> save the file


3. Install Certificate to Java Virtual Machine and/or ColdFusion server

Start Portecele.

On the [File] menu, select [Open Keystore File] navigate to and locate the keystore you are interested in.

For many java installations this will be located in your “jrelibsecurity” directory and might be named “cacerts”

For the ColdFusion 8 default developer install the path will be “c:coldfusion8runtimejrelibsecuritycacerts”

You will have to enter the password for the keystore. The default password is “changeit”


Now you are ready to import the key.

From the [Tools] menu select [Import Trusted Certificate]

Navigate to and locate the certificate you saved and click [Import]

You will need to reenter the keystore password.

You can change the alias if you desire but I would recommend leaving it as the default

Note: You may also be prompted to “trust” the certificate.


Click on the save button at the top of the portecle


4.       Restart you Java Virtual Machine/coldfusion application server.

For ColdFusion not installed on top of JRun you just need to restart the ColdFusion service. If you are running on top of JRun you also need to restart JRun.


Up to now, you already successfully import your partner certificate to your coldfusion/java server.


Please feel free to leave your suggestion if any. Click here for more information regarding Protecle




Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Comments

One Response to “Import the server or CA certification in coldfusion server”

  1. I have done this now on several times and can ptrtey much confirm that it works just fine.I am running the J2EE (Multiserver Configuration) setup on Ubuntu Server (Dapper) which has been turned into a developer workstation running Gnome deskop, Eclispe WTP, etc.No issues as yet and stable like you would not believe.Tied in with Apache it really is the best way to develop web applications with ColdFusion, considering most good things will eventually be served on production Linux boxes, it makes sense to develop on the same too.Ethan CaneWeb Developer

Write a Comment

Captcha * Time limit is exhausted. Please reload CAPTCHA.

%d bloggers like this: