0

Recently I am done with the SSL certification installation procedure in the Coldfusion Truststore, I'm getting Attribute Validation error now which clearly states that I need to have cfhttp in my code. I understood that. So,I'll have to use cfhttp something like the following: method = "post", clientCert = ?? and clientCetPassword = ?? result = "xyz"

I came across some posts (forums.adobe.com/message/800318) and there they have mentioned that clientcert should include file with format, .pkcs ? If yes, then, I'm wondering from where should I bring this file and am I following the correct procedure? Is it the same file that I downloaded in the DER format? Please throw some light on this.

Does anyone know any good source where I can read about sending clientCert and clientcertPassword related stuff? Adobe docs aren't much informative for me.

Thanks

P.S: The SSL instalaltion work I did is mentioned at one of my previous post. Please take a look.

Getting Unable to read WSDL error

Community
  • 1
  • 1
Jack
  • 989
  • 3
  • 13
  • 24
  • PKCS is not a file extension, it [is a group of public-key cryptography standards](http://en.wikipedia.org/wiki/PKCS). You've already imported their certificate into the keystore for ColdFusion so you should be good to go. You need to read your third-party's API documentation to learn how they want the username and password sent to them. As far as using `cfhttp` to make the SOAP request Ben Nadel has an excellent write up on the topic [Making SOAP Web Service Requests With ColdFusion And CFHTTP](http://www.bennadel.com/blog/1809-Making-SOAP-Web-Service-Requests-With-ColdFusion-And-CFHTTP.htm). – Miguel-F Oct 21 '13 at 13:03
  • @Miguel Okay, so you meant to say that I don't need to include `clientCert` and `Clientcertpassword` fields while using `cfhttp`? Also, by saying that I need to learn third party documentation, did you mean that they have some specific documentation for sending username and password or are you referring to the WSDL they have provided? P.S: they have already provided username and password. Please clarify – Jack Oct 21 '13 at 16:33
  • No I am not saying that you don't need to include the `clientCert` and `Clientcertpassword` fields. By _third party_ I mean the provider that is giving you access to their service. If they want anyone to be able to use their services then they must provide you documentation on how to use their services. Not just a WSDL. – Miguel-F Oct 21 '13 at 16:56
  • In addition to UN and password, they have also provided me with sample return XML response. Do you think that I still need to have their API documentation because the API documentation also defines the SOAPAction that must be included with the request ? – Jack Oct 21 '13 at 17:00
  • Yes. I would hope that their documentation not only includes sample return XML response but also the expected input XML request. It should also tell you how and where to send the username and password. In the request headers, in the XML headers, in the XML body, etc. – Miguel-F Oct 21 '13 at 17:03
  • Actually I just figured out that the WSDL I have with me doesn't have any API documentation available because the WSDL belongs to a small company. I just have the sample SOAP response available with me. Is it possible to figure out the sample XML request based on WSDL and SOAPAction that I think should be included in the request? Is there any documentation available besides Ben Nadel's one where such things are done? Thanks – Jack Oct 21 '13 at 17:20
  • I think you are missing my point. Their service is specific to them. They have written it and defined what parameters are required and how they must be passed. Ben's post is a great piece that should get you started. Without documentation you are left with just trying different things in your code. See what works and what doesn't I'm afraid. – Miguel-F Oct 21 '13 at 17:27
  • Hmm, I try how Ben's post is working and then try to play with the WSDL I have. – Jack Oct 21 '13 at 17:33
  • @Miguel-F I still feel like I need to convert the DEM file format to PEM using OpenSSL tool based on the following documentation http://support.citrix.com/article/CTX106630 . But as you suggested `You've already imported their certificate into the keystore for ColdFusion so you should be good to go`, is there any reason you mentioned this? – Jack Oct 23 '13 at 18:23
  • Have you tried to connect? Are you getting an error? – Miguel-F Oct 23 '13 at 19:57
  • @Miguel-F Yup, I have been constantly getting `Connection Failure: Status code unavailable ` error message. – Jack Oct 23 '13 at 20:29
  • `Connection Failure` is not typically a certificate/SSL handshake error. – Miguel-F Oct 24 '13 at 21:08
  • Thanks for your input @Miguel.Well, I figured out the problem. One thing I noticed is that unless the WSDL has https defined, it's not required to do different format conversions from DEM to PEM, and then use DEM and PEM files to generate a .p12 certificate. Since, my case doesn't require https, I just needed to use the importing certificate steps which I did correctly but unfortunately, my coldfusion server was pointing to different JDK and not the one that comes with Coldfusion where I imported my certificate. – Jack Oct 25 '13 at 23:49
  • contd... Hence, it was appearing as if I haven't imported certificate at all and hence getting the error. – Jack Oct 25 '13 at 23:50
  • Well I'm glad you figured that out but I mentioned that in my answer to you on how to import a certificate and in the comments of another one of your questions. Anyway glad you got it working. – Miguel-F Oct 26 '13 at 12:20
  • Thanks.You have been of great help @Miguel-F. – Jack Oct 27 '13 at 19:47

0 Answers0