January 14, 2021
Java Keystore – CFHTTP / JSON

Hello All-

I have a routine that uses cfhttp to send JSON to a credit card processor.  This only generates invoices, not moving CC info.

The system will build the JSON, then send it using CFHTTP.

*Most times* I get a connection failure.  I am sure this has to do with the Java security certificates.  All of my code worked well on a previous server, with different certificate types installed in IIS.  But I am sure that I never imported a Java certificate in the past, so I am not sure why it is an issue now. (Also upgraded to CF2018 when I moved servers)

I have figured out how to install certs using the Keytool, make them active using the MMC, (and restart CF).  But this process doesn’t work, and I am sure I am making rookie mistakes.

A couple of questions:

  • what certificate should I be adding to the keystore?  Mine, or theirs?
  • Does the alias I use in the keystore matter at all?  Do I need to name it after either domain?  (if so- which?)

My environment:  Windows Server 2019.  ColdFusion 2018 Standard.

Also, very oddly…it seems as though this will *occasionally* work on the first step (sending the original request) but then will fail later when I receive information and send something back.

My website certificate is from R3.  The target server is hosted on Azure.

Any help would be appreciated.  I’ve never really dug into the Java certificates, and I am completely lost and just blindly adding more certs, not knowing if I am helping or making things worse!

Thanks-

2 Comments
2021-01-18 22:03:18

karlkrist, you may be presuming a few too many things. Your problem may NOT have anything to do with certs. You may NOT need to import any.  For more, see a post I did on this subject. What JVM version are you using? It’s indicated in the CF Admin on the “settings summary” page.

Second, you refer to IIS and importing certs there: that would not be needed at ALL for the calls OUT via cfhttp, if that is some other server OTHER than yours. Your use of a cfhttp with an https URL would be served by THAT server (and its web server) rather than your IIS. Make sense?

Let’s hear what else you may have learned about the problem since first posting, if anything, or if the suggestions here from Harry or me might have helped.

2021-01-15 18:07:36

Q: what certificate should I be adding to the keystore?  Mine, or theirs?

A: you need to add their certificate and preferably any additional certificates in the keychain to your keystore – make sure that you are updating the right keystore if you have more than one JRE/JVM

Q: Does the alias I use in the keystore matter at all?  Do I need to name it after either domain?  (if so- which?)

A: not really, usually leaving it as they specify is sufficient – it only really matters if you want to specifically reference a certificate in code via its alias

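The import described in the last answer above, written out as an added example that is not part of the thread or from any of its posters. `$JavaHome`, `$TargetHost` and the `processor-chain-N` aliases are placeholders; the script assumes the truststore still has the JDK default password and that `$JavaHome` is the Java home of the JVM ColdFusion actually runs on (the CF Admin "settings summary" page mentioned above shows the JVM in use).

```powershell
# Added example: import the certificates a remote HTTPS server presents into the
# truststore of the JVM that ColdFusion uses. All values below are placeholders.
$JavaHome   = 'C:\path\to\jre-used-by-ColdFusion'   # placeholder: Java home of CF's JVM
$TargetHost = 'api.processor.example'               # placeholder: host called via cfhttp
$StorePass  = 'changeit'                            # JDK default; replace if you changed it
$Keytool    = Join-Path $JavaHome 'bin\keytool.exe'
$Cacerts    = Join-Path $JavaHome 'lib\security\cacerts'

# Keep a copy of the truststore so a bad import can be rolled back.
Copy-Item $Cacerts "$Cacerts.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# Ask keytool for the chain the server presents, as PEM text.
$pem = (& $Keytool -printcert -sslserver "${TargetHost}:443" -rfc) -join "`n"

# -importcert adds one trusted certificate per call, so split the chain first.
$pattern = '-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----'
$certs   = [regex]::Matches($pem, $pattern) | ForEach-Object { $_.Value }

$i = 0
foreach ($cert in $certs) {
    $file  = Join-Path $env:TEMP "remote-chain-$i.pem"
    $alias = "processor-chain-$i"   # arbitrary label; used only to find the entry later
    Set-Content -Path $file -Value $cert -Encoding ascii

    # No -noprompt on purpose: keytool prints owner, issuer and fingerprints and
    # asks for confirmation, which is the point to compare the fingerprint with
    # one obtained from the server's operator through another channel.
    & $Keytool -importcert -alias $alias -file $file -keystore $Cacerts -storepass $StorePass
    $i++
}

# List the entries that were just added to this specific truststore.
& $Keytool -list -keystore $Cacerts -storepass $StorePass | Select-String 'processor-chain-'
```

Restart ColdFusion afterwards so the JVM reloads the truststore. If a certificate is already trusted, keytool says so and nothing changes for that entry.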