How Do I Consume SSL Encrypted Content with CFHTTP?
Many websites that use SSL certificates are not accessible via CFHTTP or via ColdFusion Web Services. This happens because the certificate issuing authority is not registered in the security keystore in the JVM that ColdFusion is running on top of. This can be remedied by installing the SSL certificate for the site or service you’re trying to consume. In order to do this, you will need to have administrative rights on the server (or local development machine) you are working on. Following is a step-by-step guide to installing an SSL certificate into your ColdFusion environment.
Prerequisites
You must have the following in order to complete this process:
- Administrative access to the ColdFusion server
- Functional JVM (Java Runtime or JDK) (http://java.com/)
- KeyTool GUI Application (http://keytool-gui.software.informer.com/)
Installing KeyToolGUI
Follow these instructions to install the KeyTool GUI on the computer running ColdFusion:
- Download the ZIP archive: http://keytool-gui.software.informer.com/
- Extract the entire /KeyTool GUI 1.7/ directory into your applications directory: c:/Program Files/ (Windows) or /Applications/ (Mac) so that you have a directory named: c:/Program Files/KeyTool GUI 1.7/ (Windows) or /Applications/KeyTool GUI 1.7/ (Mac)
- Run the application’s JAR (ktg-17.jar)
Step-by-Step Instructions (Windows)
- In your browser, navigate to the URL / URI where the SSL Certificate can be viewed
- Click on the padlock icon in the address bar (IE or Chrome) or at the bottom of the screen (Firefox)
- Select "View Certificates"
- Click on the "Details" tab and then click "Copy to File ..."
- Walk through the wizard to create a "DER encoded binary X.509 (CER)" format certificate
- Save the file to a local directory (e.g. c:\SSL\)
- Open KeyTool GUI (c:\Program Files\KeyTool GUI 1.7\ktg-17.jar)
- Open the Java Keystore for ColdFusion (Show All Files): c:\ColdFusion9\runtime\jre\lib\security\cacerts\ (Windows)
- Enter password "changeit"
- Click on: Tools > Import Trusted Certificate
- Locate the file you saved from IE (e.g. in c:\SSL\)
- Click "Import" and follow the wizard
- Save "cacerts" KeyStore
- Restart ColdFusion Service
Step-by-Step Instructions (OS X)
- In your browser, navigate to the URL / URI where the SSL Certificate can be viewed
- Click on the padlock icon in the address bar (Chrome, Firefox or Safari)
- Select "View Certificates"
- Click on the "Details" tab and then click "Export"
- Walk through the wizard to create a "DER encoded binary X.509 (CER)" format certificate
- Save the file to a local directory (e.g. /Users//Desktop/)
- Open KeyTool GUI (/Applications/KeyTool GUI 1.7/ktg-17.jar)
- Open the Java Keystore for ColdFusion (Show All Files): /Applications/coldfusion9/runtime/jre/lib/cacerts/
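** NOTE: cacerts on Mac may also be found in: /Library/Java/lib/security/cacerts/ and you may need to make this writable using: sudo chmod 777 cacerts. chmod 777 leaves the trust store writable by every local user, so restore the original permissions once the keystore is saved.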
- Enter password "changeit" or "changeme" (depending on Java version)
- Click on: Tools > Import Trusted Certificate
- Locate the file you saved from your browser (e.g. in Users/Desktop/)
- Click "Import" and follow the wizard
- Save "cacerts" KeyStore
- Restart ColdFusion Service:
** Open Terminal
** cd /Applications/coldfusion9/bin (or /Applications/coldfusion10/cfusion/bin for CF10)
** ./coldfusion restart
Note that you will not be able to consume the service or access the site until you restart the ColdFusion service.
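A check worth running on the exported file before the import step, as an added example that is not part of the original FAQ: anything imported into cacerts becomes trusted by the JVM, so compare the file's SHA-256 fingerprint with one obtained from the site owner. The function names and sample bytes are constructed for illustration; the sample is a stand-in DER structure, not a real certificate.

```python
import base64
import hashlib
import hmac

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

def to_der(data: bytes) -> bytes:
    """Accept a binary DER export or a Base64 (PEM) export and return DER bytes."""
    text = data.lstrip()
    if not text.startswith(PEM_HEADER):
        return data  # binary export: hash the file exactly as saved
    end = text.find(PEM_FOOTER)
    if end == -1:
        raise ValueError("PEM header without a matching footer")
    return base64.b64decode(text[len(PEM_HEADER):end])

def der_length_ok(der: bytes) -> bool:
    """True if the data is one outer DER SEQUENCE whose length covers the whole file."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        header, length = 2, der[1]
    else:  # long-form length: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate viewers display."""
    der = to_der(data)
    if not der_length_ok(der):
        raise ValueError("not a single well-formed DER structure (truncated or padded?)")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches(data: bytes, expected: str) -> bool:
    """Compare against a fingerprint obtained out-of-band, ignoring case and separators."""
    def norm(s: str) -> str:
        return s.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(norm(fingerprint(data)), norm(expected))

# Constructed sample input: a DER SEQUENCE header plus 256 filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = PEM_HEADER + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_FOOTER + b"\n"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_DER))
    print(matches(SAMPLE_PEM, fingerprint(SAMPLE_DER)))
```

For a real export, pass the bytes of the saved .cer file to `matches()` together with the expected fingerprint. The JDK's own `keytool -printcert -file <file>` prints certificate fingerprints as well.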
This question was written by Joshua Miller
It was last updated on June 30, 2013.