client cert and clientcertpassword in cfhttp

About

Asked 20/10, 2013 at 22:26 Answered 20/10, 2013 at 22:26

Recently I am done with the SSL certification installation procedure in the Coldfusion Truststore, I'm getting Attribute Validation error now which clearly states that I need to have cfhttp in my code. I understood that. So,I'll have to use cfhttp something like the following: method = "post", clientCert = ?? and clientCetPassword = ?? result = "xyz"

I came across some posts (forums.adobe.com/message/800318) and there they have mentioned that clientcert should include file with format, .pkcs ? If yes, then, I'm wondering from where should I bring this file and am I following the correct procedure? Is it the same file that I downloaded in the DER format? Please throw some light on this.

Does anyone know any good source where I can read about sending clientCert and clientcertPassword related stuff? Adobe docs aren't much informative for me.

Thanks

P.S: The SSL instalaltion work I did is mentioned at one of my previous post. Please take a look.

Getting Unable to read WSDL error

Enlace answered 20/10, 2013 at 22:26 Comment(16)

PKCS is not a file extension, it is a group of public-key cryptography standards. You've already imported their certificate into the keystore for ColdFusion so you should be good to go. You need to read your third-party's API documentation to learn how they want the username and password sent to them. As far as using cfhttp to make the SOAP request Ben Nadel has an excellent write up on the topic Making SOAP Web Service Requests With ColdFusion And CFHTTP. – Pignut 21/10, 2013 at 13:3

@Miguel Okay, so you meant to say that I don't need to include clientCert and Clientcertpassword fields while using cfhttp? Also, by saying that I need to learn third party documentation, did you mean that they have some specific documentation for sending username and password or are you referring to the WSDL they have provided? P.S: they have already provided username and password. Please clarify – Enlace 21/10, 2013 at 16:33

No I am not saying that you don't need to include the clientCert and Clientcertpassword fields. By third party I mean the provider that is giving you access to their service. If they want anyone to be able to use their services then they must provide you documentation on how to use their services. Not just a WSDL. – Pignut 21/10, 2013 at 16:56

In addition to UN and password, they have also provided me with sample return XML response. Do you think that I still need to have their API documentation because the API documentation also defines the SOAPAction that must be included with the request ? – Enlace 21/10, 2013 at 17:0

Yes. I would hope that their documentation not only includes sample return XML response but also the expected input XML request. It should also tell you how and where to send the username and password. In the request headers, in the XML headers, in the XML body, etc. – Pignut 21/10, 2013 at 17:3

Actually I just figured out that the WSDL I have with me doesn't have any API documentation available because the WSDL belongs to a small company. I just have the sample SOAP response available with me. Is it possible to figure out the sample XML request based on WSDL and SOAPAction that I think should be included in the request? Is there any documentation available besides Ben Nadel's one where such things are done? Thanks – Enlace 21/10, 2013 at 17:20

I think you are missing my point. Their service is specific to them. They have written it and defined what parameters are required and how they must be passed. Ben's post is a great piece that should get you started. Without documentation you are left with just trying different things in your code. See what works and what doesn't I'm afraid. – Pignut 21/10, 2013 at 17:27

Hmm, I try how Ben's post is working and then try to play with the WSDL I have. – Enlace 21/10, 2013 at 17:33

@Pignut I still feel like I need to convert the DEM file format to PEM using OpenSSL tool based on the following documentation support.citrix.com/article/CTX106630 . But as you suggested You've already imported their certificate into the keystore for ColdFusion so you should be good to go, is there any reason you mentioned this? – Enlace 23/10, 2013 at 18:23

Have you tried to connect? Are you getting an error? – Pignut 23/10, 2013 at 19:57

@Pignut Yup, I have been constantly getting Connection Failure: Status code unavailable error message. – Enlace 23/10, 2013 at 20:29

Connection Failure is not typically a certificate/SSL handshake error. – Pignut 24/10, 2013 at 21:8

Thanks for your input @Miguel.Well, I figured out the problem. One thing I noticed is that unless the WSDL has https defined, it's not required to do different format conversions from DEM to PEM, and then use DEM and PEM files to generate a .p12 certificate. Since, my case doesn't require https, I just needed to use the importing certificate steps which I did correctly but unfortunately, my coldfusion server was pointing to different JDK and not the one that comes with Coldfusion where I imported my certificate. – Enlace 25/10, 2013 at 23:49

contd... Hence, it was appearing as if I haven't imported certificate at all and hence getting the error. – Enlace 25/10, 2013 at 23:50

Well I'm glad you figured that out but I mentioned that in my answer to you on how to import a certificate and in the comments of another one of your questions. Anyway glad you got it working. – Pignut 26/10, 2013 at 12:20

Thanks.You have been of great help @Miguel-F. – Enlace 27/10, 2013 at 19:47

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags