Sometimes I find problems that a solution is everywhere for, however when I attempt to implement it, I find the fix still doesn't work. This is what I encountered when attempting to connect to a web service provider the other day. Here was my situation, I was connecting to a web service that happened to have its data on an HTTPS server.

For the example we'll call the server "HTTPS://TESTSERVER.EXAMPLE.COM/FOO/BAR". When I tried to connect I was met with the following error:

Using the steps on the following site, I was able to import the server certificate and get it inserted into our CACERTS file.

http://blog.flexuous.com/2008/04/22/install-server-or-ca-certificate-in-coldfusion-or-java-virtual-machine/

I still kept getting the "peer not authenticated" issue. At first I thought it could be that I was updating the wrong CACERTS file or maybe I needed to update another section. That led me nowhere however. Finally, I had to take a step back and review my assumptions. I reviewed the certificate and all it's attributes. The biggest one that stuck out was the URL. Remembering that Java is indeed case sensitive I decided to update the URL have the domain be lower case: https://testserver.example.com/FOO/BAR

I gave the URL a try and lo and behold the process connected! I was happy to see this result, but I wanted to know exactly which part of the URL was causing the problem. I changed the subdomain testserver to upper case. The URL still worked not surprisingly, since the certificate is related to the domain specifically. What did surprise me was when I changed the domain to upper case. The connection still worked. Changing the only thing left to change, I updated the "https" to upper case. This duplicated the error.

My takeaway from this experience: If you're going to be creating CFHTTP calls, make sure your HTTPS text is lower case.

-Jonny

This entry was posted on August 3, 2011 at 2:44 PM and has received 832 views. There are currently 1 comments. Print this entry.