Getting Unable to read WSDL error
Asked Answered
K

1

6

This is first time I'm using SOAP.I'm trying to invoke a webservice using cfinvoke which is as follows:

<cfinvoke  
    webservice="https://xyz/infoLookup.php?wsdl" 
    method="infoLookup" 
    returnVariable="info"
    > 

    <cfinvokeargument name="phoneNumber" value="7182973186"/>
    <cfinvokeargument name="userName" value="12345"/>
    <cfinvokeargument name="password" value="password"/> 
</cfinvoke> 

<cfdump var="#info#">

And here is a part of the message name from the WSDL :

<message name="infoLookupRequest">
  <part name="phoneNumber" type="xsd:string" /> 
  <part name="userName" type="xsd:string" /> 
  <part name="password" type="xsd:string" /> 
</message>

And here is a part of Operation name from WSDL:

  <portType name="vtsInfoLookupPortType">
- <operation name="infoLookup">
  <documentation>Get phone number information.</documentation> 
  <input message="tns:infoLookupRequest" /> 
  <output message="tns:infoLookupResponse" /> 
  </operation>
  </portType>

I'm getting the following error:

Unable to read WSDL from URL: https://xyz/infoLookup.php?wsdl.
Error: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.

The error occurred in C:\XYZ\A\Soap\soapreq.cfm: line 37

35 : <cfinvokeargument name="phoneNumber" value="7182973186"/>
36 : <cfinvokeargument name="userName" value="12345"/>
37 : <cfinvokeargument name="password" value="password"/> 
38 : </cfinvoke> 
39 :  

I have tried to search for the error online but couldn't figure how what's wrong in my code. Please let me know if I'm doing something wrong

Kosiur answered 16/10, 2013 at 19:53 Comment(5)
I believe I need to import SSL certificate into coldfusion trust store. But before that am I passing the variables properly in my code?Kosiur
Yes if it is behind SSL then ColdFusion will need the certificate to communicate with it. Your code looks okay so why not just try it? Also, you should be able to browse the WSDL yourself to verify you can get it before running your code. Just browse to https://xyz/infoLookup.php?wsdl and see what happens.Mcgrody
When I browsed the WSDL, it's working fine. The WSDL is opening up in Internet Explorer. I believe I still have to import the certificate into Coldfusion Trust Store.Kosiur
@Mcgrody By any chance you meant to say that if WSDL is opening in web browser then I shouldn't have been going into the hassle of importing the certificate?Kosiur
@nitantkumar no that is not what I meant. I just meant to notify you that you could test accessibility to the WSDL by browsing to it. I believe you are correct that the certificate needs to be imported for ColdFusion to access it. Make sure you import the certificate to the correct Java version keystoreMcgrody
M
3

Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

  • Server Configuration:

    cf_root/runtime/jre/lib/security/cacerts

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/lib/security/cacerts

  • Sun JDK installation:

    jdk_root/jre/lib/security/cacerts

  • Consult documentation for other J2EE application servers and JVMs

In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.

  1. Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
  2. View the certificate by clicking on the lock icon and clicking view certificate
  3. Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
  4. Click on IE's Internet Options and click the Content tab
  5. Click the Certificates button
  6. Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
  7. Export using DER format

Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)

  1. Run cmd prompt as administrator on the ColdFusion server
  2. Make a backup of the original cacerts file in case you run into issues

The keytool is part of the Java SDK and can be found in the following places:

  • Server Configuration:

    cf_root/runtime/bin/keytool

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/bin/keytool

  • Sun JDK installation:

    jdk_root/bin/keytool

  • Consult documentation for other J2EE application servers and JVMs

To install the cert:

  1. Change directory to your truststore's location (where the cacerts file is located)
  2. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -import -v -alias your_cert_alias_name -file C:\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit
  3. Type yes at the prompt to "Trust this certificate?"

Note: *your_cert_alias_name* I used above can be whatever you want
Note: *C:\wherever_you_saved_the_file\cert_file.cer* change these values to whatever you use for the server folder and certificate file name

To verify the cert:

  1. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

Note: *your_cert_alias_name* use the same name here that you used above to install the cert

Restart the ColdFusion service It will not read the updated cacerts file until you do this.

You can delete the imported certificate file from the server if you wish.

Mcgrody answered 18/10, 2013 at 12:40 Comment(5)
Thank you Miguel F for very nice description. I successfully installed it and saw it listed after verifying it.Kosiur
Okay, so now I have figured out and done with the SSL certification installation procedure in the Coldfusion Truststore, I'm getting Attribute Validation error now which clearly states that I need to have cfhttp. I understood that. So,I'll have to use cfhttp something like the following: ` url="xyz/infoLookup.php?wsdl", method = "post", clientCert = ?? and clientCetPassword = ?? result = "xyz"`.Kosiur
I came across some posts (forums.adobe.com/message/800318) and there they have mentioned that clientcert should include file with format, .pkcs ? If yes, then, I'm wondering from where should I bring this file and am I following the correct procedure? Is it the same file that I downloaded in the DER format? Please throw some light on this.Kosiur
@nitantkumar please ask a new question for thisMcgrody
Done. Thanks. Please find it here: #19484116Kosiur

© 2022 - 2024 — McMap. All rights reserved.