Adding a certificate to the ColdFusion keystore

When trying to connect to an HTTPS site using the cfhttp tag, the tag may produce the error:

Unable to connect to SSL site error

Unable to connect to SSL site error

To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure may not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. This procedure should only be necessary if the server URL is not in any of the certificates and they have not expired.

However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.  The instructions below show how to install a certificate into a ColdFusion 8 keystore, multi-server install.

  1. Place the certificate on the ColdFusion server.
  2. Change to the directory {cf_installdirectory}/jre/lib/security
  3. Import the cert (keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias anyalias -file certificatefile)
  4. If the import is successful you will get a confirmation that the certificate was added to the keystore.
  5. Restart coldfusion.

This procedure can also be helpful if scheduled tasks that connect to SSL servers are not running.

Advertisements