Juan Aguilar
Jan 2, 2016, 12:50:40 AM1/2/16
to Lucee
I'm hoping someone can help me with a workaround for this SSL-related issue:
<cfscript>
try {
http url="https://api.cipcert.goevo.com/REST/2.0.20/SvcInfo/token" method="GET" result="EVOResult" throwonerror="true" {
}
dump(EVOResult);
}
catch(Any excpt) {
dump(excpt);
}
</cfscript>The error returned is:
Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:196):196 at java.net.SocketInputStream.read(SocketInputStream.java:122):122 at sun.security.ssl.InputRecord.readFully(InputRecord.java:442):442 at sun.security.ssl.InputRecord.read(InputRecord.java:480):480 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927):927 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312):1312 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339):1339 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323):1323 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394):394 at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353):353 at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134):134 at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353):353 at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380):380 at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236):236 at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184):184 at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88):88 at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110):110 at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184):184 at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82):82 at lucee.runtime.tag.Executor41.execute(Http41.java:1494):1494 at lucee.runtime.tag.Executor41.run(Http41.java:1482):1482
I presume this has to do with a certificate chain error on the remote host though I recall that in the past, I've been able to workaround this by loading the cert chain into cacerts using keytool. Am I looking in the wrong place? Does anybody have any suggestions?
Thanks,
Juan
Michael Sprague
Jan 2, 2016, 1:12:51 AM1/2/16
to lucee
I'm certainly not an SSL pro but I'm guessing the certificate provider not valid error is due to a self-signed certificate. Other than adding it to the trusted Java key store directly I'm not sure how to bypass that. Perhaps using the Lucee admin where you can add certificates will take care of that for you? Good luck.
Warm regards,
Mike
--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8a9ca8a5-0fe2-4bc3-a2a8-7e340e613b84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Juan Aguilar
Jan 2, 2016, 1:52:21 AM1/2/16
to Lucee
Thanks Mike,
Unfortunately, attempting to add via the Lucee admin results in a "Could not obtain server certificate chain" error, which is why I tried adding to the cacerts keystore using keytool.
Unfortunately, attempting to add via the Lucee admin results in a "Could not obtain server certificate chain" error, which is why I tried adding to the cacerts keystore using keytool.
I think I'm in the right keystore (/lucee-server/context/security/cacerts). Could there be a different keystore?
Paul Klinkenberg
Jan 2, 2016, 4:14:41 AM1/2/16
to lu...@googlegroups.com
Hi Juan,
The API you are calling, seems to use Basic Authentication.
Therefor, you need to add a username and password to the http call, like so:
http url="https://api.cipcert.goevo.com/REST/2.0.20/SvcInfo/token" method="GET" result="EVOResult" throwonerror="true" username="myUsername" password="myPassword";
Kind regards,
Paul Klinkenberg
--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/f70600bc-1d1b-47c6-9039-07819d7c20d6%40googlegroups.com.
Juan Aguilar
Jan 2, 2016, 7:51:20 PM1/2/16
to lu...@googlegroups.com
It does but, unfortunately, it seems to be unrelated. Workaround was to upgrade to Java 8. Thanks!
You received this message because you are subscribed to a topic in the Google Groups "Lucee" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/lucee/oE4R6mXCj4I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to lucee+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/13E5F561-DA7C-4E2B-BA8F-508FE2920B38%40ongevraagdadvies.nl.
Reply all
Reply to author
Forward
0 new messages