Ask a Question related to Coldfusion Server Administration, Design and Development.
-
rwhaun #1
JVM upgrade breaks secure cfldap connections
I recently upgraded the JVM from 1.4.2_09 to 1.4.2_12 to avoid the Daylight
Savings Time issues. Everything seemed to be running fine until I noticed my
<cfldap> calls all tell me they can't connect to the ldap server. However, as
soon as I change my jvm.config to point to the location of jre 1.4.2_09 and
restart CF, the ldap calls work. So it is directly related to the _09 to _12
upgrade.
My only thought as to what may be the issue is the certs we have installed to
make the secure connection to the ldap servers. I installed those certs using
the (terribly annoying) keypass command line tool a long long time ago. Do I
need to re-install those certs since I upgraded the JVM?
Running CFMX 7.0.2 on IIS6, Windows 2003 SP1
rwhaun Guest
-
upgrade to mx7 breaks cfmail
Our server admin just upgraded to CFMX7 (Solaris) and all our cfmail tags no longer work. The mail.log shows errors every 15 seconds because the... -
Upgrade to 5.8 breaks IIS?
Hi Upgraded my version of Perl (and the relevant modules) but it brings IIS down when I call a PerlScript via the net. Reverted to 5.6 and no... -
#25565 [Opn->Csd]: upgrade to 4.3.3 breaks email attachments
ID: 25565 Updated by: edink@php.net Reported By: john at sysop dot com -Status: Open +Status: Closed... -
#25565 [NEW]: upgrade to 4.3.3 breaks email attachments
From: john at sysop dot com Operating system: win32 PHP version: 4.3.3 PHP Bug Type: Mail related Bug description: upgrade... -
[Unstable] Fetchmail upgrade to 6.2.3 breaks :(
Have been using fetchmail here successfully for some years :) The newest fetchmail in unstable breaks - I keep getting messages about null... -
rwhaun #2 Re: JVM upgrade breaks secure cfldap connections
Looks like I answered my own question. It was an issue with the certs I had
installed with keytool and the old JVM version. Turns out the fix is very
easy. Just copy the old cacerts file over the new JVM's cacerts file. The file
is found in {jre|/lib/security/
I hope this helps someone else out!
rwhaun Guest
-
notrubr #3 Re: JVM upgrade breaks secure cfldap connections
I just did the Java update/upgrade and tried to re-install the certs via the
keytool
and kept getting - "keystore file exists, but is empty" error
So I copied the old cacerts file to the new java location and now cfldap works
but if I try to add a new cert to the file I still get the "keystore file
exists, but is empty" error.
win 2k3 server
cf mx 7.0.2 + hot patch
1.4.2_11 installed in e:\j2sdk1.4.2_11
I run the keytool cmd from
e:\j2sdk1.4.2_11\jre\bin
with the below coommand
keytool -import -keystore E:\j2sdk1.4.2_11\jre\lib\security -alias cert10
-file e:\certs\certs10.cer
returns:
keytool error: java.lang.Exception: Keystore file exists, but is empty:
E:\j2sdk
1.4.2_11\jre\lib\security
what is this all about?
notrubr Guest
-
notrubr #4 Re: JVM upgrade breaks secure cfldap connections
I found the issue with my keystore import I left off cacerts after the \security
so instead of:
keytool -import -keystore E:\j2sdk1.4.2_11\jre\lib\security -alias cert10
-file e:\certs\certs10.cer
It need to be:
keytool -import -keystore E:\j2sdk1.4.2_11\jre\lib\security\cacerts -alias
cert10 -file e:\certs\certs10.cer
notrubr Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
