Professional Web Applications Themes

CFHTTP & SSL Certificates - Coldfusion - Advanced Techniques

Hi all, wondering if anyone has had to call a service using cfhttp within an application to a server that requires a certificate that is usually built into the browser or server for authentication? We've tried a number of things, including adding the certificate to ColdFusion application server through the keytool interface, using CFX_HTTP5, which at this point is throwing security errors, and passing the .cer as a cfhttp param, but that is also having no effect. Basically, without the cert authentication cfhttp throws a timeout error. All we have to do is pass a URL to the service and ...

  1. #1

    Default CFHTTP & SSL Certificates

    Hi all,

    wondering if anyone has had to call a service using cfhttp within an
    application to a server that requires a certificate that is usually built into
    the browser or server for authentication?

    We've tried a number of things, including adding the certificate to ColdFusion
    application server through the keytool interface, using CFX_HTTP5, which at
    this point is throwing security errors, and passing the .cer as a cfhttp param,
    but that is also having no effect.

    Basically, without the cert authentication cfhttp throws a timeout error. All
    we have to do is pass a URL to the service and the service, which runs through
    a proxy that does the authentication returns a few values. We are able to
    return these values if we type the URL in by hand and then select the
    appropriate certificate when prompted but not with the cfhttp call.

    If anyone has any ideas I would love to hear about them. Thanks.

    Steve

    sjml Guest

  2. #2

    Default Re: CFHTTP & SSL Certificates

    CFX_HTTP5 works fine. We use it every day.

    Mr Guest

  3. #3

    Default Re: CFHTTP & SSL Certificates

    Mr Black,

    perhaps I am not configuring my tag correctly. The error message I get is as
    follows:

    Error while processing request. Message:
    Error while sending request. [admin] Loc: 8. A security error occurred
    Error number: 12175

    The code I am using is basically their sample file, with a few modifications:



    <CFX_HTTP5 URL=#CURL#
    OUT="RESULT"
    FILEUSER=#FILEUSER#
    FILEPASS=#FILEPASS#
    FILEDOMAIN=#FILEDOMAIN#
    OUTQHEAD="QHEAD"
    OUTHEAD="RHEAD"
    METHOD="GET"
    CERTSTORENAME=#CERTSTORENAME#
    CERTSUBJSTR=#CERTSUBJSTR#
    SESSION="START">
    <CFIF STATUS EQ "ER">
    <center>
    <H3>Error while processing request. Message:<BR>
    <FONT COLOR="#AA0000"><CFOUTPUT>#MSG#</CFOUTPUT></FONT><BR>
    Error number: <CFOUTPUT>#ERRN#</CFOUTPUT></H3>
    </center>
    <CFX_HTTP5 FNC=?CLOSE? SESSION=#HTTPSESSION#>
    <cfabort>
    <CFELSE>
    <H3><FONT COLOR="#AA0000">Status:</FONT>
    <CFOUTPUT>#HTTPSTATUS#</CFOUTPUT></H3>
    <H3><FONT COLOR="#AA0000">Auth Scheme Used:</FONT>
    <CFOUTPUT>#HTTPSCHEME#</CFOUTPUT></H3>
    <H3><FONT COLOR="#AA0000">Request Headers:</FONT></H3>
    <pre><CFOUTPUT>#QHEAD#</CFOUTPUT></pre>
    <H3><FONT COLOR="#AA0000">Response Headers:</FONT></H3>
    <pre><CFOUTPUT>#RHEAD#</CFOUTPUT></pre>
    <H3><FONT COLOR="#AA0000">Response Body:</FONT></H3>
    <CFOUTPUT><xmp>#RESULT#</xmp></CFOUTPUT>
    </CFIF>
    Completed on: <CFOUTPUT>#Now()#<br>
    Session: #HTTPSESSION#</CFOUTPUT>

    sjml Guest

  4. #4

    Default Re: CFHTTP & SSL Certificates

    Obviously, the certificate was found. This error means that account (admin)
    doesn't have a proper access to the cetificate or/and its private key.
    Properly install the certificate in a physical (machine) store. Configure the
    account you are using. There are articles on this issue on msdn.microsoft.com.


    Mr Guest

  5. #5

    Default Re: CFHTTP & SSL Certificates

    Mr Black,
    Not entirely sure how to accomplish this. We have tried using the
    WinHttpCertCfg tool to set permisions on the server but have been unsuccessful.
    Even our server administrator reinstalled the cert using the sys account, as
    per instruction found in the CFX_HTTP5 doentation, and was unable to modify
    the permission with the cfg tool. Should be we be looking at the version of
    WinHttp the system is using? We are already running Server 2003. Any ideas?

    sjml Guest

  6. #6

    Default Re: CFHTTP & SSL Certificates

    The following article describes the reason why your certificate works out of
    browser, but doesn't work out of CF. It also contains step by step
    instructions how to install and configure certificates and accounts. The
    article talks about ASP.NET, but you can safely ignore this. Replace
    ..NET-related tests with CFX_HTTP5 tests.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;901183


    Mr Guest

Similar Threads

  1. Certificates? Need guidance...
    By Larry David in forum ASP.NET Security
    Replies: 3
    Last Post: September 15th, 05:43 PM
  2. SSL and certificates
    By Kevin in forum ASP.NET Security
    Replies: 2
    Last Post: December 24th, 08:54 PM
  3. Need help with SSL and Certificates
    By Matthew Hood in forum ASP.NET Security
    Replies: 0
    Last Post: July 22nd, 06:07 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139