gdemaria
asked on
setting properties of a webservice secured by SSL
I am connecting to a webservice secured by SSL v3. Although I have the cert in my keystore it is failing. I found that if I browse the webservice from my server using IE (with less forgiving security settings), I can see this error appear:
Revocation Information for the security certificate is not available. Do you want to proceed?
But it leads me to suspect that my webservice's connection error is being caused by my webservice not being able to respond to this question with a Yes or No answer.
I am using Coldfusion, which sits on top of Java. Is there a way to tell it to ignore certificate errors?
Alternatively, how could the certificate holder update the certificate to keep this error from happening?
Here's some sample code...
Revocation Information for the security certificate is not available. Do you want to proceed?
But it leads me to suspect that my webservice's connection error is being caused by my webservice not being able to respond to this question with a Yes or No answer.
I am using Coldfusion, which sits on top of Java. Is there a way to tell it to ignore certificate errors?
Alternatively, how could the certificate holder update the certificate to keep this error from happening?
Here's some sample code...
<cfset wsargs = structnew()>
<cfset wsargs.refreshwsdl="yes">
<CFSET javaSystem = createObject("java", "java.lang.System") />
<CFSET prop = javaSystem.getProperties() />
<CFSET prop.setProperty("javax.net.ssl.trustStore", "D:\CFusion8\runtime\jre\lib\security\cacerts") />
<CFSET prop.setProperty("javax.net.ssl.trustStorePassword", "changeit") />
<cfset ws = CreateObject("webservice","https://theirWebSite.com/ws2008/service.asmx?wsdl", wsargs)>
<cfset ws._setProperty("axis.transport.version", "1.1")>
Check if you can navigate to CRL url. You can get it in certificate information window in IE. Copy the CRL url and paste in IE. IE should be able to reach it.
ASKER
Thanks for responding visorx! I have posted this issue in many places and gotten nothing - I really appreciate it!
The image shows the certificate file, this seems to be the path you're referring to. It does open a file when placed in the browser URL on my server.
http://crl.verisign.com/Class3InternationalServer.crl
Therefore, as you suggesting the issue is something else?
certificateDetail.jpg
The image shows the certificate file, this seems to be the path you're referring to. It does open a file when placed in the browser URL on my server.
http://crl.verisign.com/Class3InternationalServer.crl
Therefore, as you suggesting the issue is something else?
certificateDetail.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It turns out that Coldfusion 8 does not support SSL v3, CF 9 is supposed to support it, due out next summer.
ASKER
Thanks very much for your efforts.
It turns out that Coldfusion 8 does not support SSL v3
It turns out that Coldfusion 8 does not support SSL v3