setting properties of a webservice secured by SSL

I am connecting to a webservice secured by SSL v3.  Although I have the cert in my keystore it is failing.  I found that if I browse the webservice from my server using IE (with less forgiving security settings), I can see this error appear:

       Revocation Information for the security certificate is not available.  Do you want to proceed?

 But it leads me to suspect that my webservice's connection error is being caused by my webservice not being able to respond to this question with a Yes or No answer.

I am using Coldfusion, which sits on top of Java.  Is there a way to tell it to ignore certificate errors?
Alternatively, how could the certificate holder update the certificate to keep this error from happening?

Here's some sample code...

<cfset wsargs = structnew()>
<cfset wsargs.refreshwsdl="yes">
<CFSET javaSystem = createObject("java", "java.lang.System") />
<CFSET prop = javaSystem.getProperties() />
<CFSET prop.setProperty("", "D:\CFusion8\runtime\jre\lib\security\cacerts") />
<CFSET prop.setProperty("", "changeit") />
<cfset ws = CreateObject("webservice","", wsargs)>
<cfset ws._setProperty("axis.transport.version", "1.1")>

Open in new window

LVL 39
Who is Participating?
visorxConnect With a Mentor Commented:
Ok this may seems little messy to me. I'll try to help but I can only guide you to possible solution.
Actually two possibilities for this error are there: first is that the IE browser is not able to verify the certificate and another one is that the certificate itself is not valid.
For the first problem:
1. Verify that Internet Explorer is configured to use SSL 2.0 and SSL 3.0. (Internet tools->options->Advanced) Make sure that Use SSL 3.0 is chcked.
2. Verify that the Microsoft Cryptographic Services service is started. Start->Run->type "net start cryptsvc" and then press ENTER.
3. Verify that the date and time settings on your computer are correct.

For second possibility:
1. Make sure that Certificate expiry date is present and is valid.
2. If the publishing CA of the CRL does not match the issuing CA for the certificate for which certificate revocation is being checked, then the certificate revocation check fails.

Ok if all this fails then, we'll need to get more deep. If all this fails then please explain a little to me how you are expecting the authentication/verification to work.


Check if you can navigate to CRL url. You can get it in certificate information window in IE. Copy the CRL url and paste in IE. IE should be able to reach it.
gdemariaAuthor Commented:
Thanks for responding visorx!   I have posted this issue in many places and gotten nothing - I really appreciate it!

The image shows the certificate file, this seems to be the path you're referring to.   It does open a file when placed in the browser URL on my server.

Therefore, as you suggesting the issue is something else?

gdemariaAuthor Commented:

It turns out that Coldfusion 8 does not support SSL v3,  CF 9 is supposed to support it, due out next summer.

gdemariaAuthor Commented:
Thanks very much for your efforts.

It turns out that Coldfusion 8 does not support SSL v3
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.