Solved

Can't Connect After Installing New Verisign Certificate

Posted on 2008-06-11
6
714 Views
Last Modified: 2013-12-24
We use ColdFusion MX 6.1 to link to our library catalog via the cfhttp tag.  Our library catalog is a secure site with an installed Verisign Certificate.  The other day I renewed the certificate and made the appropriate changes in our Apache server.  After that coldfusion could not connect to our catalog (both ser sslv3 certificates).  So I rolled back to the original certificate and everything went back to normal.  Does anyone know what could be causing this?  Some caching problem with CF so it keeps trying to find the old certificate?

Thanks!!
0
Comment
Question by:kresgelads
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 21762510
you probably need to import the new cert into the keystore

"To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure should not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.
To manually import a certificate:

   1. Go to a page on the SSL server in question.
   2. Double-click the lock icon.
   3. Click the Details tab.
   4. Click Copy To File.
   5. Select the base64 option and save the file.
   6. Copy the CER file into C:\CFusionMX7\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
   7. Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):

      keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer

"

from livedocs
0
 

Author Comment

by:kresgelads
ID: 21762821
Couple of questions:

1)  I renewed the Verisign certificatewith another verisign certificate, therefore the problem can't be because I'm using a self signed certificate.

2)  when you use the term "giveUniqueName" I assume it's the full domain name of the site, e.g.  "mysite.oakland.edu"
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 21763958
it's quite possible that you still need to do the cert import. Also the cf service needs to be restarted after any cert update.


It also may be a bug in the jvm for  6.1 although if you dealt with the daylight savings change that's probably not the issue as you would have updated
http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

the unique name does not have to be the fqdn just unique

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:kresgelads
ID: 21764116
Thanks!!

One final question:

when you say:  "Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin)"

I assume you mean I should be in c:\cfusionmx7\runtime\jre\bin\lib\security
Thanks Again.

0
 
LVL 36

Accepted Solution

by:
SidFishes earned 250 total points
ID: 21764172
could be...The directory structure may have changed from 6.1 to 7 (I'm on 8 and it's in runtime\jre\bin) There is only one instance of keytool installed though so where ever it is should be the right place.

0
 

Expert Comment

by:Shift4SMS
ID: 23924943
Hmm. I follow the instructions to the T. I hit the ENTER on the keytool command and I get "Enter keystore password?"
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question