The other day I was working on a project in ColdFusion where I wanted to connect to a secure web server using CFHttp and do some screen scrapes. The problem I encountered was that the server was using a self-issued certificate that therefore did not have a proper certificate chain. ColdFusion simply returned the following error:
I/O Exception: peer not authenticated

After some detective work, I found out what the problem was and devised an effective solution, which I provide you with now. You will need a couple of free tools and access to your server. These instructions are for Windows-based machines, but the concepts and tools should work on Mac or Unix-based platforms.
1. Install and Setup Tools
Download and Install the Cert Viewer Plus plug-in for Firefox
https://addons.mozilla.org/en-US/firefox/addon/1964
Download and install Portecle JVM certificate manager
(portecle-1.3.zip) You do not need the source (src) version
https://sourceforge.net/projects/portecle
The easiest way to install Portecle is to unzip the contents of the zip file to a directory such as C:\Program Files\portecle-1.3\. Then find the file “Portecle.jar”, right-click it and send it to your desktop as a shortcut. You can then use this shortcut to launch Portecle. (Optionally, you can also rename the shortcut and set its icon to the portecle.ico file.)
2. Extract the Certificate
If you cannot get the certificate you need directly from the issuer, you can get the certificate for the website you are trying to access from the Firefox certificate store using the Cert Viewer Plus plug-in for Firefox.
Under the [Tools] menu in Firefox select [Certificate Manager].
In the Certificate Manager screen, select the certificate desired on either the [Web Sites] or [Authorities] tab. Select the [View] button.
On the Certificate Viewer screen select [Export…]
Select a save location and name for the certificate, and save it as an X.509 Certificate.
Remember the name and location of this certificate.
3. Install Certificate to Java Virtual Machine and/or ColdFusion server
Start Portecle.
On the [File] menu, select [Open Keystore File], then navigate to and locate the keystore you are interested in.
For many Java installations this will be located in your “jre\lib\security” directory and might be named “cacerts”.
For the ColdFusion 8 default developer install the path will be “c:\coldfusion8\runtime\jre\lib\security\cacerts”
You will have to enter the password for the keystore. The default password is “changeit”
Now you are ready to import the key.
From the [Tools] menu select [Import Trusted Certificate]
Navigate to and locate the certificate you saved from Firefox and click [Import]
You will need to reenter the keystore password.
You can change the alias if you desire, but I would recommend leaving it as the default.
Note: You may also be prompted to “trust” the certificate.
4. Restart your Java Virtual Machine.
For ColdFusion not installed on top of JRun you just need to restart the ColdFusion service. If you are running on top of JRun you also need to restart JRun.
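A certificate exported from the browser in step 2 is whatever the browser received, and importing it in step 3 makes the JVM trust it for every outbound connection, so compare its fingerprint with one obtained directly from the server's owner before importing. The following Python sketch is an added example, not part of the original post; it accepts a PEM or DER export and does that comparison. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of an exported certificate file (PEM or DER)."""
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("file holds a chain; export the single certificate")
    if blocks:
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    if not data.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
        raise ValueError("neither PEM nor DER")
    return data

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in colon-separated upper-case hex."""
    digest = hashlib.sha256(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches(data: bytes, expected: str) -> bool:
    """Compare with a fingerprint obtained out of band, ignoring separators and case."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    have = fingerprint(data).replace(":", "")
    return hmac.compare_digest(have, want)

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x2a" + b"constructed sample, not a real certificate"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    published = fingerprint(SAMPLE_DER)  # stands in for the owner's published value
    print(fingerprint(SAMPLE_PEM))
    print("match" if matches(SAMPLE_PEM, published.lower()) else "MISMATCH: do not import")
```

To check a real export, read the file in binary mode and pass its bytes to matches() together with the fingerprint the server's administrator gave you.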
Let me know if this works for you or if you have any further suggestions.
1 Comment
2008.11.06 at 4:40 pm
Thank you very much for this post. I upgraded to CF8 and was trying to connect to our Exchange server but kept getting a certificate error.
I followed the steps above and installed our cert on the CF server and was able to connect without any issues.
This was very helpful.