I have an API that runs fine on one of my two web servers but not on the other one or on my local machine, instead I get a connection failure when I send https requests as p
If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:
Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using, in case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under 'System Information'. Look for the Java Home line.
The default truststore is the JRE's cacerts file. This file is typically located in the following places:
Server Configuration:
cf_root/runtime/jre/lib/security/cacerts
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/lib/security/cacerts
Sun JDK installation:
jdk_root/jre/lib/security/cacerts
Consult documentation for other J2EE application servers and JVMs
In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.
https://xyz/infoLookup.php?wsdl.
Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)
cmd prompt as administrator on the ColdFusion server
The keytool is part of the Java SDK and can be found in the following places:
Server Configuration:
cf_root/runtime/bin/keytool
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/bin/keytool
Sun JDK installation:
jdk_root/bin/keytool
Consult documentation for other J2EE application servers and JVMs
To install the cert:
"c:\program files\java\jre7\bin\keytool" -import -v -alias your_cert_alias_name -file C:\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit
Note: *your_cert_alias_name* I used above can be whatever you want
Note: *C:\wherever_you_saved_the_file\cert_file.cer* change these values to whatever you use for the server folder and certificate file name
To verify the cert:
"c:\program files\java\jre7\bin\keytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit
Note: *your_cert_alias_name* use the same name here that you used above to install the cert
Restart the ColdFusion service. It will not read the updated cacerts file until you do this.
You can delete the imported certificate file from the server if you wish.
I don't have enough points to comment on @Miguel-F 's answer so I need to post this answer with my experience and further details...
After following directions to add the cert, CFHTTP still wasn't getting the https site for me. I found this post which finally helped me solve the issue. It describes adding SSL debug output to the coldfusion-out.log file, which specifies the exact download URL for the cert you're missing. The cert I was missing was for "Let's Encrypt" which appeared in the log file as:
accessLocation: URIName: http://cert.int-x3.letsencrypt.org/
I hit that URL and used the keytool to add the downloaded file to keystore. Voila! Sanity restored.
I both love and hate ColdFusion
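The log inspection described in the answer above, as an added example that is not code from any of the posters: it scans SSL debug output for `caIssuers` download URLs and skips OCSP entries, which use the same `accessLocation` line. The sample log is constructed, and the function name `find_issuer_downloads` is an assumption of this example.

```python
import re

# Constructed sample, modelled on the certificate dump the JVM writes to
# coldfusion-out.log with SSL debugging enabled. Not a real capture.
SAMPLE_LOG = """\
chain [0] = [
[
  Subject: CN=api.example.test
  Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
]
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.int-x3.letsencrypt.org
,
   accessMethod: caIssuers
   accessLocation: URIName: http://cert.int-x3.letsencrypt.org/
]
]
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

ISSUER = re.compile(r"^\s*Issuer:\s*(.+?)\s*$")
METHOD = re.compile(r"accessMethod:\s*(\S+)")
LOCATION = re.compile(r"accessLocation:\s*URIName:\s*(\S+)")


def find_issuer_downloads(log_text):
    """Return (pkix_failed, [(issuer, url), ...]) for caIssuers entries only."""
    issuer, method, found = None, None, []
    for line in log_text.splitlines():
        if m := ISSUER.match(line):
            issuer, method = m.group(1), None
        elif m := METHOD.search(line):
            method = m.group(1)
        elif m := LOCATION.search(line):
            # OCSP responders share the accessLocation syntax; only caIssuers
            # points at the issuing certificate that keytool can import.
            if method == "caIssuers" and (issuer, m.group(1)) not in found:
                found.append((issuer, m.group(1)))
            method = None
    return "PKIX path building failed" in log_text, found


if __name__ == "__main__":
    print(find_issuer_downloads(SAMPLE_LOG))
```

Because caIssuers URLs are plain HTTP, compare the downloaded certificate's fingerprint (shown by keytool -printcert -file) with the one the CA publishes before importing it into cacerts.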
I had a server with ColdFusion 10 (using Java Version: 1.7.0_15) and Windows Server 2008. I had added certificates for my API URL, but I was getting the error:
Connection Failure: Status code unavailable.
Then I added the following config to the ColdFusion JVM config in the ColdFusion Administrator and it started working.
-Dhttps.protocols=TLSv1.1,TLSv1.2
There are a number of scenarios here that could present this message.
There are also a number of detailed blog posts and threads that could help you through investigating your issue.
1) DNS resolution issue -- ensure you can hit the endpoint url, or this error will be produced.
2) Be sure to set a user agent in the cfhttp request; servers can easily detect non-standard user agents and filter them out.
3) Disable compression in the request. In cases where you are hitting some servers, this works. This can come up with some configurations of IIS. There are numerous sites with this example on the search and it has worked for me.
<cfhttp url="https://yourUrlHere.com" method="get">
<cfhttpparam type="Header" name="Accept-Encoding" value="*">
<cfhttpparam type="Header" name="TE" value="deflate;q=0">
</cfhttp>
Another header you can try to send depending on the http server on the other end is:
<cfhttpparam type="header" name="Accept-Encoding" Value="no-compression">
Source
4) If the issue is caused by an SSL certificate, you can manually add the certificates to your server. I prefer not to look in this direction if possible but you can search for it.
5) Another scenario of connecting to an https url is that there may be a need to disable the default certificate provider (there are many in Java and the default one may not fit what is needed). This does not impact security, only uses a different, equivalent library.
Source for Example 5
6) Last but not least, you may be falling prey to rewrite rules. I have not experienced this, but it looks interesting.
CFHTTP "Connection Failures" issues when using mod_rewrite
For those who may have landed here if they were having trouble using cfhttp and Google's recaptcha secure verify service (like I did), the post on this page regarding adding Google's security certificate to the JRE's cacerts file is essential.
What is also essential (and not easy to find) is to add
<cfhttpparam type="CGI" encoded="false" name="Content_Type" value="application/json; charset=utf-8">
to your cfhttp request. This will solve the error "Unable to determine content type. Invalid MIME." which also looks like a connection error. (adding to Jas' answer above)
Thanks to 12Robots over on Adobe's ColdFusion Communities forum for that one!
Thanks David. I have added below 3 header tags and all good.
<cfhttpparam type="header" name="Content-Type" value="application/json" />
<cfhttpparam type="header" name="Accept-Encoding" Value="*">
<cfhttpparam type="Header" name="TE" value="deflate;q=0">
Thanks - Hitesh