Solved

Can't Connect After Installing New Verisign Certificate

Posted on 2008-06-11
Last Modified: 2013-12-24
We use ColdFusion MX 6.1 to link to our library catalog via the cfhttp tag.  Our library catalog is a secure site with an installed Verisign Certificate.  The other day I renewed the certificate and made the appropriate changes in our Apache server.  After that ColdFusion could not connect to our catalog (both are SSLv3 certificates).  So I rolled back to the original certificate and everything went back to normal.  Does anyone know what could be causing this?  Some caching problem with CF so it keeps trying to find the old certificate?

Thanks!!
Question by:kresgelads
 
LVL 36

Expert Comment

by:SidFishes
ID: 21762510
you probably need to import the new cert into the keystore

"To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure should not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.
To manually import a certificate:

   1. Go to a page on the SSL server in question.
   2. Double-click the lock icon.
   3. Click the Details tab.
   4. Click Copy To File.
   5. Select the base64 option and save the file.
   6. Copy the CER file into C:\CFusionMX7\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
   7. Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):

      keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer

"

from livedocs
0
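Step 7 adds the exported file to `cacerts` as a trusted entry for the JRE ColdFusion runs on, so it is worth checking the file's fingerprint against one obtained out of band before importing. The following is an added example, not part of the livedocs text or the thread: it computes the fingerprint in the colon-separated form keytool displays, for either a base64 or a DER export. The sample bytes are constructed and are not a real certificate; the function names are illustrative.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def load_der_certs(data):
    """Return the DER blobs in a .cer export (base64/PEM or raw DER)."""
    bodies = PEM_RE.findall(data)
    if bodies:
        # Strip CR/LF and spaces, then decode strictly.
        return [base64.b64decode(b"".join(b.split()), validate=True)
                for b in bodies]
    if data[:1] == b"\x30":  # DER certificate = ASN.1 SEQUENCE tag
        return [data]
    raise ValueError("not a base64 or DER certificate file")

def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp):
    """Reduce a fingerprint typed with colons, spaces or lower case to hex."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())

def matches(cer_bytes, expected_fp, algo="sha1"):
    """True only if the file holds exactly one cert with the expected digest."""
    certs = load_der_certs(cer_bytes)
    if len(certs) != 1:
        raise ValueError("expected exactly one certificate in the file")
    return normalise(fingerprint(certs[0], algo)) == normalise(expected_fp)

# Constructed sample input: DER-shaped placeholder bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).replace(b"\n", b"\r\n")
              + b"-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    # With a real export: data = open("filename.cer", "rb").read()
    print("SHA1:", fingerprint(load_der_certs(SAMPLE_PEM)[0]))
```
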
 

Author Comment

by:kresgelads
ID: 21762821
Couple of questions:

1)  I renewed the Verisign certificate with another Verisign certificate, therefore the problem can't be because I'm using a self signed certificate.

2)  when you use the term "giveUniqueName" I assume it's the full domain name of the site, e.g.  "mysite.oakland.edu"
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 21763958
it's quite possible that you still need to do the cert import. Also the cf service needs to be restarted after any cert update.


It also may be a bug in the jvm for  6.1 although if you dealt with the daylight savings change that's probably not the issue as you would have updated
http://www.talkingtree.com/blog/index.cfm?mode=entry&entry=25AA75A4-45A6-2844-7CA3EECD842DB576

the unique name does not have to be the fqdn just unique

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
0

 

Author Comment

by:kresgelads
ID: 21764116
Thanks!!

One final question:

when you say:  "Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin)"

I assume you mean I should be in c:\cfusionmx7\runtime\jre\bin\lib\security
Thanks Again.

0
 
LVL 36

Accepted Solution

by:
SidFishes earned 250 total points
ID: 21764172
Could be... The directory structure may have changed from 6.1 to 7 (I'm on 8 and it's in runtime\jre\bin). There is only one instance of keytool installed though, so wherever it is should be the right place.

0
 

Expert Comment

by:Shift4SMS
ID: 23924943
Hmm. I follow the instructions to the T. I hit the ENTER on the keytool command and I get "Enter keystore password?"
0
