Sudden error with CFHTTP ans SSL
80 views
Skip to first unread message
hofar...@houseoffusion.com
Mar 31, 2015, 8:04:27 AM3/31/15
to ColdFusion Technical Talk
Hi,
I have an application under CF 9 with a paiment module using Paypal.
At the end of the process, Paypal acknowledges the paiement and my app calls a Paypal page to validate the whole operation. This is done with a CFHTTP call
This application has been working fine for years with no modification, bur all of a sudden starting March 23rd, I get this error:
I/O Exception: peer not authenticated
It appears to be an error with the SSL certificate, but how come ?
The Paypal site is verified by Verisign.
What ca I do?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360318
hofar...@houseoffusion.com
Mar 31, 2015, 8:51:36 AM3/31/15
to ColdFusion Technical Talk
What is the URL and does the domain name match the certificate exactly,
meaning not a wildcard certificate. Could be PayPal updated their SSL
certificate and is either a wildcard certificate or multi-site/domain
certificate (not sure what these are really called).
CF will not like it if the domain is www.domain.com, but the certificate is
*.domain.com. In this case, you need to import the certificate to the java
cacerts as a trusted certificate to by-pass the security matching.
You can either do this from the command line, or by far the easier route is
this extension to CF admin.
http://certman.riaforge.org/
https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=import+ssl+certificate+coldfusion+9+to+cacerts
~Byron
hofar...@houseoffusion.com
Mar 31, 2015, 9:32:14 AM3/31/15
to ColdFusion Technical Talk
I also once solved this by editing the hosts file on the server and adding
lines to force the name on the cert to point to the right IP.
hofar...@houseoffusion.com
Mar 31, 2015, 11:38:26 AM3/31/15
to ColdFusion Technical Talk
>>Could be PayPal updated their SSL
I'm trying your suggestion, thanks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
hofar...@houseoffusion.com
Apr 1, 2015, 9:48:05 PM4/1/15
to ColdFusion Technical Talk
>>you need to import the certificate to the java
cacerts as a trusted certificate to by-pass the security matching.
Thanks a lot.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
hofar...@houseoffusion.com
Apr 3, 2015, 12:27:19 PM4/3/15
to ColdFusion Technical Talk
When I read these messages, I checked one of my old websites that
uses paypal integration services and found that it stopped
working. Payments were getting processed but the results
confirmation didn't work. This is on Coldfusion 8.
Thanks to this thread I found the problem and fixed it.. but just to
make it faster for others...
the certificate needed is the Verisign G5 certificate which you can
get at
https://knowledge.verisign.com/support/mpki-for-ssl-support/index?page=content&actp=CROSSLINK&id=SO5624
To see if you have it installed - and to install it if you don't, use:
https://github.com/webdevsourcerer/CF-CertMan
and install the version for your coldfusion version.
After installing, you need to restart the cold fusion service.
For those that like details, the paypal notice is at
https://ppmts.custhelp.com/ci/fattach/get/471495/1425083092/redirect/1/filename/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20(U.S.%20English).pdf
Thanks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
hofar...@houseoffusion.com
Apr 3, 2015, 12:54:27 PM4/3/15
to ColdFusion Technical Talk
>>Payments were getting processed but the results
confirmation didn't work. This is on Coldfusion 8.
>>the certificate needed is the Verisign G5 certificate
That is probably the problem: Paypal must have moved from Verisign to Symantec, which is logical since both Paypal ans Symantec are owned by eBay.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
hofar...@houseoffusion.com
Apr 3, 2015, 1:00:21 PM4/3/15
to ColdFusion Technical Talk
Verisign certificate products have been taken over by Symantec.
hofar...@houseoffusion.com
Apr 3, 2015, 4:05:35 PM4/3/15
to ColdFusion Technical Talk
So then is the symantec certificate newer? Should I also add
that? What is the link to it? They have so many certificates on paypal
hofar...@houseoffusion.com
Apr 3, 2015, 4:11:48 PM4/3/15
to ColdFusion Technical Talk
Best option is to contact PayPal support with that question. They should be
able to point you to the valid certs.
Good luck, Michael
hofar...@houseoffusion.com
Apr 3, 2015, 8:03:24 PM4/3/15
to ColdFusion Technical Talk
Paypal support is useless. I contacted them 3 times for another issue
last week and they couldn't help at all
At 04:11 PM 4/3/2015, you wrote:
>Best option is to contact PayPal support with that question. They should be
>able to point you to the valid certs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360373
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Reply all
Reply to author
Forward
0 new messages