Last whole week working with a project which involve the integration with 3th party API through the HTTPS secure channel using coldfusion CFHTTP. I come across with the following error message:
I/O Exception: peer not authenticated
Try to Google it for some time and find out that I need to import the 3th party certificate into my Coldfusion server by using some keytool certificate import tools. Trying few times but still can’t get it work until I found a blog which showing a very effective way and free tools for import the certificate.
These instructions are for Windows based machines but the concepts and tools should work on Mac or Unix based platforms.
1. Install tools
Download and install Portecle JVM certificate manager
(portecle-1.5.zip) You do not need the source (src) version
The easiest way to install Portecle is to unzip the contents of the zip file to a directory such as C:Program Filesportecle-1.5 Then find the file “Portecle.jar”, right click it and send it to your desktop as a shortcut. You can then use this shortcut to launch Portecle. (optionally you can also change the name of the shortcut and change the icon to use the portecle.ico file for the icon)
2. Extract the certificate
The easy way to get the certificate is ask from the issuer, but if you unable to do so, you may have another alternative solution which you open the https page in your browser and double click on the lock logo at bottom left of the browser (the lock appear just beside the url addrss for Google Chrome)
Double click on the lock –> click the certificate information button –> go to details –> click the copy to file button –> Follow the wizard and select the base-64 encoded X.509 (.cer) format –> save the file
3. Install Certificate to Java Virtual Machine and/or ColdFusion server
On the [File] menu, select [Open Keystore File] navigate to and locate the keystore you are interested in.
For many java installations this will be located in your “jrelibsecurity” directory and might be named “cacerts”
For the ColdFusion 8 default developer install the path will be “c:coldfusion8runtimejrelibsecuritycacerts”
You will have to enter the password for the keystore. The default password is “changeit”
Now you are ready to import the key.
From the [Tools] menu select [Import Trusted Certificate]
Navigate to and locate the certificate you saved and click [Import]
You will need to reenter the keystore password.
You can change the alias if you desire but I would recommend leaving it as the default
Note: You may also be prompted to “trust” the certificate.
Click on the save button at the top of the portecle
4. Restart you Java Virtual Machine/coldfusion application server.
For ColdFusion not installed on top of JRun you just need to restart the ColdFusion service. If you are running on top of JRun you also need to restart JRun.
Up to now, you already successfully import your partner certificate to your coldfusion/java server.
Please feel free to leave your suggestion if any. Click here for more information regarding Protecle