CFHTTP Over SSL

Submitted by 非 Y 不嫁゛ on 2019-12-11 03:27:46

Question


I'm trying to retrieve files from a server over SSL using the ColdFusion CFHTTP tag with no success. Our environment is Linux using the Server Configuration. The keystore used is at cf_root/runtime/jre/lib/security/cacerts. I retrieved the X.509 certificate (in DER format) from the target server and exported it to a file. On our server, in the folder where cacerts resides, I imported this cert into our cacerts keystore:

keytool -import -alias certAlias -file pathToX509Cert -keystore cacerts -storepass blahPass

and restarted ColdFusion. Yet, we're still getting the "I/O Exception: peer not authenticated" error. I even tried importing the same cert into the trustStore at cf_root/runtime/lib/trustStore and restarting ColdFusion. Same result. Is there something else I'm missing? I've even tried Raymond Camden's workaround with no luck.


Answer 1:


Depending on the version of CF you're running, the workaround posted by Ray is the only solution. Importing the certificate can work in some cases but if you're accessing a wildcard SSL certificate, I have never been able to get it to work on CF8 or below.

For reference, the code that will fix this is:

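<cfset objSecurity = createObject("java", "java.security.Security") />
<!--- Keep a reference to the JsafeJCE provider before removing it --->
<cfset storeProvider = objSecurity.getProvider("JsafeJCE") />
<!--- Security.removeProvider() changes the provider list for the whole JVM --->
<cfset objSecurity.removeProvider("JsafeJCE") />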

If this is not working for you, can you post the URL you are trying to access so we can inspect the certificate?

FWIW, you can generally catch this failure in a cfcatch using type "COM.Allaire.ColdFusion.HTTPFailure".
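The provider removal and the cfcatch type from the answer above, combined into one request, as an added example that is not part of the original answer or of the workaround it cites. It serializes the JVM-wide provider change with a lock and registers the provider again afterwards. The URL, lock name and log file name are placeholders, and re-inserting at position 1 assumes that is where JsafeJCE was registered.

```cfml
<!--- Added example: placeholder URL, lock name and log file name. --->
<cfset targetUrl = "https://files.example.com/report.csv" />
<cfset objSecurity = createObject("java", "java.security.Security") />
<cfset httpError = "" />

<!--- removeProvider() affects every request in this JVM, so serialize the
      swap and keep the window as short as the HTTP call itself. --->
<cflock name="jsafe-provider-swap" type="exclusive" timeout="30">
    <cfset variables.storeProvider = objSecurity.getProvider("JsafeJCE") />
    <!--- getProvider() returns null when JsafeJCE is not installed, which
          leaves the key undefined in the variables scope. --->
    <cfset hadProvider = structKeyExists(variables, "storeProvider") />
    <cfif hadProvider>
        <cfset objSecurity.removeProvider("JsafeJCE") />
    </cfif>
    <cftry>
        <cfhttp url="#targetUrl#" method="get" result="httpResult"
                throwOnError="yes" timeout="20" />
        <cfcatch type="COM.Allaire.ColdFusion.HTTPFailure">
            <!--- Connection and handshake failures land here. --->
            <cfset httpError = cfcatch.message />
        </cfcatch>
        <cfcatch type="any">
            <!--- Restore the provider before letting other errors escape. --->
            <cfif hadProvider>
                <cfset objSecurity.insertProviderAt(variables.storeProvider, 1) />
            </cfif>
            <cfrethrow />
        </cfcatch>
    </cftry>
    <!--- Position 1 is an assumption about the original provider order. --->
    <cfif hadProvider>
        <cfset objSecurity.insertProviderAt(variables.storeProvider, 1) />
    </cfif>
</cflock>

<cfif len(httpError)>
    <cflog file="cfhttp-ssl" type="error" text="#targetUrl#: #httpError#" />
<cfelse>
    <cfoutput>#httpResult.statusCode#</cfoutput>
</cfif>
```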



Source: https://stackoverflow.com/questions/15390369/cfhttp-over-ssl
