
Coldfusion: CFHTTP with SSL encrypted Page (https://) - got an error

Developer (https://www.devze.com), 2022-12-14 08:05, source: web

I'm making a cfhttp call to connect to an encrypted page. Seems to work fine for some sites.

I/O Exception: Name in certificate `pro.test.com' does not match host name `go.test.com'

Is there a workaround to trust this certificate even if the host name doesn't match?
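The host name check that raises the error quoted above, written out as an added example (not code from the original post, ColdFusion or the JRE): it compares the requested host against the certificate's DNS names using RFC 6125-style rules. The function names and the three sample certificates are constructed for illustration; the dict shape is the one Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added example: the host name check behind
# "Name in certificate ... does not match host name".
# This check is separate from whether the certificate chains to a trusted root.

def dns_name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name (may start with '*.') to a host name."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern or not host:
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Refuse wildcards that would cover a whole top-level domain ("*.com").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "f*.test.com" are treated as literals here.
    return p_labels == h_labels


def certificate_matches_host(cert: dict, host: str) -> bool:
    """Return True if any name in the certificate covers the host."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Only fall back to the subject CN when no DNS subjectAltName exists.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(n, host) for n in names)


# Constructed sample certificates (not taken from a real site).
PRO_CERT = {"subject": ((("commonName", "pro.test.com"),),),
            "subjectAltName": (("DNS", "pro.test.com"),)}
WILDCARD_CERT = {"subject": ((("commonName", "*.test.com"),),),
                 "subjectAltName": (("DNS", "*.test.com"),)}
CN_ONLY_CERT = {"subject": ((("commonName", "go.test.com"),),)}

if __name__ == "__main__":
    for label, cert in (("pro", PRO_CERT), ("wildcard", WILDCARD_CERT),
                        ("cn-only", CN_ONLY_CERT)):
        ok = certificate_matches_host(cert, "go.test.com")
        print(f"{label:9s} cert vs go.test.com -> {'match' if ok else 'MISMATCH'}")
```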


Think this is more of a Java question, and the workaround should affect the JRE.

Not sure if this will work in your case, but a possible solution is to import this certificate into the JRE keystore.

A generic description can be found on the Sun website, though the process is pretty simple.

First you should navigate to the needed HTTPS URL with your browser and export the cert using the SSL properties (I don't remember how it is done in IE, but in Firefox it is something like Security > View cert > Details > Save as -- still not sure because I'm using a non-English localization); any X.509 type should work.

Next you should import it using keytool. Navigate to the current CF JRE's bin, execute the following command (replace arguments with your values) and restart CF:

keytool -keystore <path to keystore> -import -file <path to certificate> -alias <alias>

BTW, there is a UI tool for this, but I haven't used it so can't say if it works fine.


The sites that are probably working have a valid SSL Certificate from a trusted authority.

If you have control of pro.test.com, the preferred answer would be to get a valid cert for pro.test.com installed. But if that is not possible for some reason, I see two other options:

1) Do a try/catch where you try to connect via https, and fall back on http in the event of an SSL error. Obviously this would eliminate encryption for the failed connection.

or

2) Use Sergii's solution to import the key for that site into the Java keystore.


If go.test.com is just a development server, then you can create a self-signed certificate and import it into the Java keystore. That way you can save on cost by not paying a CA and get a quicker turnaround to resolve the issue.
