将第一个数据证书导入 ColdFusion

发布于 2024-11-09 22:09:34 字数 377 浏览 7 评论 0原文

我尝试使用 keytool 将证书从 First Data 导入到我的 ColdFusion 9 设置中，如下所示：

keytool -importcert -keystore MYCF9Dir\runtime\jre\lib\security\cacerts -trustcacerts -alias firstdata -file FirstData.pem

导入似乎有效，但是当我通过任何 ColdFusion 函数或标记访问 WSDL 时，它会抛出“I/O 异常：已接收”致命警报：握手失败”。这告诉我它无法使用其拥有的证书访问该网站，或者找不到它。

那么，我是否正确导入了证书？如果是的话，我还能如何使用 ColdFusion 访问此 WSDL？

原文

I've tried to import the certificate from First Data into my ColdFusion 9 setup using the keytool as so:

keytool -importcert -keystore MYCF9Dir\runtime\jre\lib\security\cacerts -trustcacerts -alias firstdata -file FirstData.pem

The import seems to work, however when I access the WSDL via any ColdFusion function or tag it throws a "I/O Exception: Received fatal alert: handshake_failure". Which tells me it can't access the site with the certificates that it has, or can't find it.

So, am I importing the certificate correctly? And if I am, how else can I access this WSDL with ColdFusion?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

微凉徒眸意 2024-11-16 22:09:34

您是否考虑过使用 .crt 文件而不是 .pem 文件？
我刚刚使用过

keytool -importcert -keystore C:\Coldfusion9\runtime\jre\lib\security\cacerts -trustcacerts -alias myserver -file myserver.crt

，现在效果很好。

希望这有帮助。

Have you considered using the .crt file instead of the .pem file?
I just used

keytool -importcert -keystore C:\Coldfusion9\runtime\jre\lib\security\cacerts -trustcacerts -alias myserver -file myserver.crt

And now it works just fine.

Hope this helps.

回复收藏 0 原文

伴我老 2024-11-16 22:09:34

当我与 Java 集成时，我遇到了同样的问题。虽然我不确定您会在 ColdFusion 中做什么，但我想这可以为您指明正确的方向。

为了避免这个问题，您需要创建一个 SSLContext 并将其手动提供给第一个数据服务器，然后才能执行其他操作。

在 Java 中，这就是我所做的：

KeyStore ksjks = KeyStore.getInstance(KeyStore.getDefaultType());
ksjks.load(new FileInputStream("/path/to/your/p12/file"),"password".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ksjks, "password".toCharArray());

SSLContext sslContext = SSLContext.getInstance("SSLv3");
sslContext.init(kmf.getKeyManagers(), null, null);

SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

您可以在客户端中使用此上下文，如下所示：

URL url = new URL("serverUrl");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
urlConn.setSSLSocketFactory(sslSocketFactory);

希望对您有帮助。和平！

I had the same issue when I was integrating with Java. Though I'm not sure what you would do in ColdFusion but I imagine this can point you in the right direction.

To avoid the issue, you would need to create a SSLContext and present it to the firstdata server manually before you can do anything else.

In Java this is what I did:

KeyStore ksjks = KeyStore.getInstance(KeyStore.getDefaultType());
ksjks.load(new FileInputStream("/path/to/your/p12/file"),"password".toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ksjks, "password".toCharArray());

SSLContext sslContext = SSLContext.getInstance("SSLv3");
sslContext.init(kmf.getKeyManagers(), null, null);

SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

And you would use this context in your client as follows:

URL url = new URL("serverUrl");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
urlConn.setSSLSocketFactory(sslSocketFactory);

Hope that helps you. Peace!

回复收藏 0 原文

梦里人 2024-11-16 22:09:34

我遇到了类似的问题，以防万一有人面临同样的问题，这就是我解决我的问题的方法。我有一个 .pem 文件，这表明它已成功导入到 ColdFusion 内的 Cacert 密钥库中，但我试图访问的远程 API（服务器）由于某些原因无法识别该证书。因此，我首先使用 OpenSSL 将 .pem 证书转换为 PKCS12 格式文件 - 此链接有帮助：http://cc.in2p3.fr/docenligne/84/en#0.4（在底部）。然后我使用了 CFHTTP CF 标签，如下所示：

        <cfhttp
        url="https://urlToAPI"
        method="POST"
        clientCert="path to the file (.p12)"
        clientCertPassword="password"
        result="result">

这为我完成了。我希望它能帮助某人。

I had a similar issue and just in case someone is facing the same issue, this is how I solved mine. I had a .pem file and this was showing it has imported successfully in the Cacert keystore within ColdFusion but the remote API(server) I was trying to hit was not recognising the certificate for some reasons. So I first of all converted the .pem certificate into a PKCS12 format file using OpenSSL - this link helped:http://cc.in2p3.fr/docenligne/84/en#0.4 (at the bottom). I then used the CFHTTP CF tag like below:

        <cfhttp
        url="https://urlToAPI"
        method="POST"
        clientCert="path to the file (.p12)"
        clientCertPassword="password"
        result="result">

This did it for me. I hope it helps someone.

回复收藏 0 原文

~没有更多了~