CFHTTP calling HTTPS urls

Written on 6 February 2015, 02:46pm

Tagged with: , ,

To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses.

Here is how to do that:
1. Load the HTTPS url in your browser and export the certificate as a .cer file (see link above for more details)

2. Copy the .cer file on the CF server

3. Locate the path of ‘Java Home’ in CF Admin. It should be something like /usr/java/jre1.7.0_51, usually with a symlink to /usr/java/default.
The keystore location should be {Java Home}/lib/security/cacerts and it’s password protected.

4. Import the .cer file into the keystore:

#/usr/java/default/bin/keytool -import -keystore 
/usr/java/default/lib/security/cacerts -alias thomas 
-file thomas.cer -storepass changeit

5. Check that the certificate was installed:

#/usr/java/default/bin/keytool -list -keystore 
/usr/java/default/lib/security/cacerts -storepass changeit -alias thomas 
# thomas, Feb 6, 2015, trustedCertEntry, Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

6. Restart ColdFusion server

See also this and that.

Leave a response