Solved

Can't Connect After Installing New Verisign Certificate

Posted on 2008-06-11
6
702 Views
Last Modified: 2013-12-24
We use ColdFusion MX 6.1 to link to our library catalog via the cfhttp tag.  Our library catalog is a secure site with an installed Verisign Certificate.  The other day I renewed the certificate and made the appropriate changes in our Apache server.  After that coldfusion could not connect to our catalog (both ser sslv3 certificates).  So I rolled back to the original certificate and everything went back to normal.  Does anyone know what could be causing this?  Some caching problem with CF so it keeps trying to find the old certificate?

Thanks!!
0
Comment
Question by:kresgelads
  • 3
  • 2
6 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 21762510
you probably need to import the new cert into the keystore

"To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure should not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.
To manually import a certificate:

   1. Go to a page on the SSL server in question.
   2. Double-click the lock icon.
   3. Click the Details tab.
   4. Click Copy To File.
   5. Select the base64 option and save the file.
   6. Copy the CER file into C:\CFusionMX7\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
   7. Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):

      keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer

"

from livedocs
0
 

Author Comment

by:kresgelads
ID: 21762821
Couple of questions:

1)  I renewed the Verisign certificatewith another verisign certificate, therefore the problem can't be because I'm using a self signed certificate.

2)  when you use the term "giveUniqueName" I assume it's the full domain name of the site, e.g.  "mysite.oakland.edu"
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 21763958
it's quite possible that you still need to do the cert import. Also the cf service needs to be restarted after any cert update.


It also may be a bug in the jvm for  6.1 although if you dealt with the daylight savings change that's probably not the issue as you would have updated
http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

the unique name does not have to be the fqdn just unique

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:kresgelads
ID: 21764116
Thanks!!

One final question:

when you say:  "Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin)"

I assume you mean I should be in c:\cfusionmx7\runtime\jre\bin\lib\security
Thanks Again.

0
 
LVL 36

Accepted Solution

by:
SidFishes earned 250 total points
ID: 21764172
could be...The directory structure may have changed from 6.1 to 7 (I'm on 8 and it's in runtime\jre\bin) There is only one instance of keytool installed though so where ever it is should be the right place.

0
 

Expert Comment

by:Shift4SMS
ID: 23924943
Hmm. I follow the instructions to the T. I hit the ENTER on the keytool command and I get "Enter keystore password?"
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question