SSL and Webservices

[jaz872]

I thought that I was having a problem invoking a webservice because the certificate was not correct,
but that problem has been taken care of and I am still getting the same errors.
I am using MX 6.1 and I thought that the problems with webservices behind SSL was taken care of in this version. Can anyone point me in the right direction. Thanks.

Here is my code:

<cfinvoke
webservice="https://test-services.soplus.com/CourtSearch/CourtSearchSynch.jws"
method="Search"
username="user"
password="pass"
ReturnVariable="TestInfo">

<cfoutput>#TestInfo#</cfoutput>

Here is the error I am receiving:

Could not generate stub objects for web service invocation.
Name: https://test-services.soplus.com/CourtSearch/CourtSearchSynch.jws. WSDL: https://test-services.soplus.com/CourtSearch/CourtSearchSynch.jws. javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated It is recommended that you use a web browser to retrieve and examine the requested WSDL document for correctness. If the requested WSDL document can't be retrieved or it is dynamically generated, it is likely that the target web service has programming errors.

The error occurred in C:\Inetpub\wwwroot\jmentstest.cfm: line 40

38 : <cfinvoke
39 : webservice="https://test-services.soplus.com/CourtSearch/CourtSearchSynch.jws"
40 : method="Search"
41 : username="user"
42 : password="pass"

[kundradi]

Have you imported the root CA certificate into the cacerts of the JVM that CFMX is using? If not, import it, restart CFMX and run your code again.

Thanks

Kumaran Nallore
Macromedia QA Engineer

[jaz872]

kundradi

thanks for the reply. i hate to sound like an idiot but how do i import the certificate?

[kundradi]

You have to use the keytool that comes with the JRE to import certificates.

The syntax is as follows:

for importing certs:
jre_root/bin/keytool -import -keystore jre_root/lib/security/cacerts -f <path to root certificate> -alias <some alias>

The default keystore passowrd is "changeit"

for help:
jre_root/bin/keytool -help

[jaz872]

for importing certs:
jre_root/bin/keytool -import -keystore jre_root/lib/security/cacerts -f <path to root certificate> -alias <some alias>

where would i find the <path to root certificate>? do i download the certificate from their site?
sorry to sound so confused. i have been frustrating over this for 2 days now.

[kundradi]

One way to get the root certificate is to browse to the WSDL using your browser.

If your browser does not already trust this certificate, you will get pop-up asking if you would like to install or save the certificate. At this point, you can choose to save the certificate and point to this file while importing using keytool.

If the browser already trusts this certificate, you can click on the padlock image at the bottom of the browser and it will open up the certificate. Identify the issuing authority and find the corresponding root certificate in the IE(IE -> Tools -> Internet Options -> Content -> Certificates -> <relevant tag>).
Export the root certificate and point your keytool to this file.

[jaz872]

kundradi

you are the best. that was the answer and i am now getting a completly different error message.
i never thought i would be so happy to see an error message before.