Solved

Can't Connect After Installing New Verisign Certificate

Posted on 2008-06-11
6
707 Views
Last Modified: 2013-12-24
We use ColdFusion MX 6.1 to link to our library catalog via the cfhttp tag.  Our library catalog is a secure site with an installed Verisign Certificate.  The other day I renewed the certificate and made the appropriate changes in our Apache server.  After that coldfusion could not connect to our catalog (both ser sslv3 certificates).  So I rolled back to the original certificate and everything went back to normal.  Does anyone know what could be causing this?  Some caching problem with CF so it keeps trying to find the old certificate?

Thanks!!
0
Comment
Question by:kresgelads
  • 3
  • 2
6 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 21762510
you probably need to import the new cert into the keystore

"To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure should not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.
To manually import a certificate:

   1. Go to a page on the SSL server in question.
   2. Double-click the lock icon.
   3. Click the Details tab.
   4. Click Copy To File.
   5. Select the base64 option and save the file.
   6. Copy the CER file into C:\CFusionMX7\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
   7. Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):

      keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer

"

from livedocs
0
 

Author Comment

by:kresgelads
ID: 21762821
Couple of questions:

1)  I renewed the Verisign certificatewith another verisign certificate, therefore the problem can't be because I'm using a self signed certificate.

2)  when you use the term "giveUniqueName" I assume it's the full domain name of the site, e.g.  "mysite.oakland.edu"
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 21763958
it's quite possible that you still need to do the cert import. Also the cf service needs to be restarted after any cert update.


It also may be a bug in the jvm for  6.1 although if you dealt with the daylight savings change that's probably not the issue as you would have updated
http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

the unique name does not have to be the fqdn just unique

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:kresgelads
ID: 21764116
Thanks!!

One final question:

when you say:  "Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin)"

I assume you mean I should be in c:\cfusionmx7\runtime\jre\bin\lib\security
Thanks Again.

0
 
LVL 36

Accepted Solution

by:
SidFishes earned 250 total points
ID: 21764172
could be...The directory structure may have changed from 6.1 to 7 (I'm on 8 and it's in runtime\jre\bin) There is only one instance of keytool installed though so where ever it is should be the right place.

0
 

Expert Comment

by:Shift4SMS
ID: 23924943
Hmm. I follow the instructions to the T. I hit the ENTER on the keytool command and I get "Enter keystore password?"
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question