setting properties of a webservice secured by SSL

I am connecting to a webservice secured by SSL v3.  Although I have the cert in my keystore it is failing.  I found that if I browse the webservice from my server using IE (with less forgiving security settings), I can see this error appear:

       Revocation Information for the security certificate is not available.  Do you want to proceed?

 But it leads me to suspect that my webservice's connection error is being caused by my webservice not being able to respond to this question with a Yes or No answer.

I am using Coldfusion, which sits on top of Java.  Is there a way to tell it to ignore certificate errors?
Alternatively, how could the certificate holder update the certificate to keep this error from happening?

Here's some sample code...


<cfset wsargs = structnew()>
<cfset wsargs.refreshwsdl="yes">
 
<CFSET javaSystem = createObject("java", "java.lang.System") />
<CFSET prop = javaSystem.getProperties() />
<CFSET prop.setProperty("javax.net.ssl.trustStore", "D:\CFusion8\runtime\jre\lib\security\cacerts") />
<CFSET prop.setProperty("javax.net.ssl.trustStorePassword", "changeit") />
 
<cfset ws = CreateObject("webservice","https://theirWebSite.com/ws2008/service.asmx?wsdl", wsargs)>
<cfset ws._setProperty("axis.transport.version", "1.1")>

Open in new window

LVL 39
gdemariaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

visorxCommented:
Check if you can navigate to CRL url. You can get it in certificate information window in IE. Copy the CRL url and paste in IE. IE should be able to reach it.
0
gdemariaAuthor Commented:
Thanks for responding visorx!   I have posted this issue in many places and gotten nothing - I really appreciate it!

The image shows the certificate file, this seems to be the path you're referring to.   It does open a file when placed in the browser URL on my server.

http://crl.verisign.com/Class3InternationalServer.crl

Therefore, as you suggesting the issue is something else?

certificateDetail.jpg
0
visorxCommented:
Ok this may seems little messy to me. I'll try to help but I can only guide you to possible solution.
Actually two possibilities for this error are there: first is that the IE browser is not able to verify the certificate and another one is that the certificate itself is not valid.
For the first problem:
1. Verify that Internet Explorer is configured to use SSL 2.0 and SSL 3.0. (Internet tools->options->Advanced) Make sure that Use SSL 3.0 is chcked.
2. Verify that the Microsoft Cryptographic Services service is started. Start->Run->type "net start cryptsvc" and then press ENTER.
3. Verify that the date and time settings on your computer are correct.

For second possibility:
1. Make sure that Certificate expiry date is present and is valid.
2. If the publishing CA of the CRL does not match the issuing CA for the certificate for which certificate revocation is being checked, then the certificate revocation check fails.

Ok if all this fails then, we'll need to get more deep. If all this fails then please explain a little to me how you are expecting the authentication/verification to work.

Cheers

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gdemariaAuthor Commented:

It turns out that Coldfusion 8 does not support SSL v3,  CF 9 is supposed to support it, due out next summer.

0
gdemariaAuthor Commented:
Thanks very much for your efforts.

It turns out that Coldfusion 8 does not support SSL v3
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.