Re: [Lucee] SSL Certificates - wildcards

[AJ Mercer]

has anyone been able to use a wildcard SSL cert?

On 17 April 2015 at 19:34, Nando Breiter <na...@aria-media.com> wrote:

I'd like to compliment the Lucee developers on how easy and intelligent the SSL Certificate installation process via the admin panel. All I needed to do was enter the url of the host and click install! Having managed this via the command line before on ACF, this brought a huge smile to my face. Thanks!!!

Aria Media Sagl
Via Rompada 40
6987 Caslano
Switzerland

+41 (0)91 600 9601
+41 (0)76 303 4477 cell
skype: ariamedia

--
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAGHrs%3D9S-_Ls4v0W5tt7YEfm67UUx5a3nObJPAj9unMOv-r5nw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--

AJ Mercer
<webonix:net strength="Industrial" /> | <webonix:org community="Open" />
http://twitter.com/webonix

[Michael van Leest]

Do other people still have issues with Wildcard SSL? (Lucee 4.5.2.010 and for example www.googleapis.com)?

Can't seem to use cfhttp with www.googleapis.com even after updating the 3 jars, restarts and updating to 4.5.2.010...

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAPURtC0kxogg8R%3DaYmsp98sAJdw9gE%3DUO75uB%2BW8OYdzsa6cDQ%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Michael van Leest

[Sean Daniels]

I had trouble with googleapis.com, after updating the jars following the instructions in another thread or in the ticket, I can't remember.

I finally went to maven to download the jars directly from there:

http://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.1
http://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5
http://mvnrepository.com/artifact/org.apache.httpcomponents/httpmime/4.5

And that seems to have fixed it for now...

> --
> See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
> ---

> You received this message because you are subscribed to the Google Groups "Lucee" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
> To post to this group, send email to lu...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAMaJE6tD6b8u0AheyYW1xSVq%3D19OKDWyacNM-i%3DCOLRN8tMRWw%40mail.gmail.com.

[Michael van Leest]

I've updated those jars (they were in the Lucee BitBucket project).

But after digging a bit further, 2 of the 3 jars were updated and the download links in one of the mails on the list where pointing to the first version/commit of those jars, which had an issue with *.googleapis.com certs.

After using the latest version from the bitbucket project, all seems well...

Thanks Sean.

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/2BA687D2-B8B8-44D8-AC30-10C6375C3A2A%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Michael van Leest

[Andrew Dixon]

Michael, try grabbing Simon Hooker on the CFML Slack, he should be able to help you out with this.

Kind regards,

Andrew

about.me - mso - Lucee Association Member

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAMaJE6sUjVGXp2YfmOyVJD1M5HQyDZ8%3DYHLDeSCRY9Jus1j4EA%40mail.gmail.com.

[Michael van Leest]

Thanks Andrew.

Got it sorted. The link to the jars was pointing to the first commit (not the last commit with the final correct jars).

Mike

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAG1WijUXCq7O%3D7Sy2%3Di7xAFeUvfKSQWFzv%2B5b%3Dv290qE%3DSoK5Q%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Michael van Leest

[Terry Whitney]

Yes, what would you like to know.

[Michael van Leest]

Thanks Terry, but as mentioned it was just a case of downloading the initial commit of the jars.

Downloading the the last version from git fixed the issue.

--

See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
---

You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5298a0cc-edf6-483c-b237-7ebc9e08fa9d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Michael van Leest

[Jay B]

I just started a post here https://groups.google.com/forum/#!topic/lucee/zRvzCYQXlOk before I realized that the googleapis uses a wildcard.

I just reinstalled with the installer so I have 4.5.1.023 & Tomcat8 and cfhttp to maps api no longer works.

I see that a DL or the 3 jars is supposed to help....but I don't know what to do with them. Don't seem to exist as files on my server. Are they compiled into Lucee itself?

Any help is appreciated.

[Jordan Michaels]

They wouldn't be compiled into the lucee jar if they're normally separate. The lucee jars are available in:

/opt/lucee/lib/ (linux default)
or
C:\lucee\lib (windows default)

Tomcat jars are available in:

/opt/lucee/tomcat/lib (linux default)
or
C:\licee\tomcat\lib (windows default)

If the jars you're looking for aren't in those locations, you'll need to manually add them.

Hope this helps!

-Jordan

--
See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/8a11623e-01d9-4e7f-9303-1203a889fff0%40googlegroups.com.

[Jay B]

Thanks Jordan but that's what is confusing me....

I searched for the 3 files recommended above in this thread to fix this issue (assuming they were existing & out of date) but I don't have any of them. I can throw them in the Tomcat lib dir...but that doesn't seem like it makes any sense...

That''s what I don't understand. 

[Sean Daniels]

They go in /opt/lucee/lib. You're talking about the apache-commons-httpclient.jar, apache-commons-httpcore.jar, and apache-commons-httpmime.jar files.

Overwrite the ones in /opt/lucee/lib with the ones you download from Maven.

> To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/f59554a3-b041-4b99-9d28-766b7b8c920d%40googlegroups.com.

[Jay B]

Ok that fixed it. Thanks Sean & Jordan.

I also learned that server 2012 search is different than Win7

Win7 search for "httpcore" will find "apache-commons-httpcore.jar"

...on server2012 it won't. You need to search with *httpcore. 

Which is just silly.

[Bill Tindal]

I'm struggling with this still.

I have the latest development version of Lucee (not 5) and have replaced the 3 .jar files as indicated and still no luck.

I'm using a wildcard certificate with nginx.

Is there anyway to install the certificate into Lucee or the java store? I recall doing this with keytool on Windows servers a while back.

[Jordan Michaels]

To clarify, are you trying to connect to a secure server using Lucee or are you trying to secure your Lucee installation with an SSL certificate?

--
Kind regards,
Jordan Michaels
Vivio Technologies

----- Original Message -----
From: "Bill Tindal" <mal...@gmail.com>
To: "Lucee" <lu...@googlegroups.com>
Sent: Tuesday, December 15, 2015 3:00:58 PM
Subject: Re: [Lucee] SSL Certificates - wildcards

I'm struggling with this still.

I have the latest development version of Lucee (not 5) and have replaced
the 3 .jar files as indicated and still no luck.

I'm using a wildcard certificate with nginx.

Is there anyway to install the certificate into Lucee or the java store? I
recall doing this with keytool on Windows servers a while back.

On Saturday, 18 April 2015 09:58:20 UTC+10, AJ Mercer wrote:
>
> has anyone been able to use a wildcard SSL cert?
>
> On 17 April 2015 at 19:34, Nando Breiter <na...@aria-media.com

> <javascript:>> wrote:
>
>> I'd like to compliment the Lucee developers on how easy and intelligent
>> the SSL Certificate installation process via the admin panel. All I
>> needed to do was enter the url of the host and click install! Having
>> managed this via the command line before on ACF, this brought a huge smile
>> to my face. Thanks!!!
>>
>>
>>
>> Aria Media Sagl
>> Via Rompada 40
>> 6987 Caslano
>> Switzerland
>>
>> +41 (0)91 600 9601
>> +41 (0)76 303 4477 cell
>> skype: ariamedia
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Lucee" group.
>> To unsubscribe from this group and stop receiving emails from it, send an

>> email to lucee+un...@googlegroups.com <javascript:>.
>> To post to this group, send email to lu...@googlegroups.com <javascript:>
>> .

>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/lucee/CAGHrs%3D9S-_Ls4v0W5tt7YEfm67UUx5a3nObJPAj9unMOv-r5nw%40mail.gmail.com

>> <https://groups.google.com/d/msgid/lucee/CAGHrs%3D9S-_Ls4v0W5tt7YEfm67UUx5a3nObJPAj9unMOv-r5nw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .

>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
>

> *AJ Mercer*
> <webonix:net strength="Industrial" /> <http://webonix.net> | <webonix:org
> community="Open" /> <http://webonix.org>
> http://twitter.com/webonix
>

--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---

You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/89254d98-60fa-4f3e-8da3-d17c78613ef8%40googlegroups.com.

[Bill Tindal]

I'm trying to connect to the same server via scheduled tasks. The sites running on the server are successfully secured with a wildcard SSL certificate.

I just used the keytool to import the .cer file and it hasn't worked either.

Running a simple cfhttp get to the https url results in the below:

Unknown host: Received fatal alert: handshake_failure

[Jay B]

Since it's on the same server try the SNI fix I posted a week or so ago (perhaps similar to wildcard problems)

"It -is- possible to set up a scheduled task to work via http (rather than https) even if you have url rewrites to SSL only. You need to set up the scheduled task URL to:

http://mydomain.ca/service/export.cfm (no https)

and then set the port on the line below to 8888 (or whatever port tomcat is running on) rather than 80 "

[Julian Halliwell]

The scheduler engine in the current version of Lucee can't access https URLs which use SNI: https://luceeserver.atlassian.net/browse/LDEV-649

Try Jay's workaround of using the http Tomcat URL over port 8888.

Julian.