« Content management with web standards in mind | Zillow.com »
February 8, 2006
Enabling web services over SSL in ColdFusion
I recently ran into a problem while trying to access a web service from within ColdFusion on our new testing server. It took me a while to get it working because the ColdFusion error messages weren’t very descriptive or helpful in pointing me to the cause of the problem. While searching for a solution, I came across a lot of unanswered forum posts from others who appeared to be experiencing the same problem so I thought I’d share my problem and the solution I finally found.
The Problem
The <cfinvoke> tag that I was using to call the web service was returning this error message:“Could not generate stub objects for web service invocation.”I tried to use the administrative console to add the web service, and it returned this error message:
“Error creating web service. Please ensure that you have entered a correct Web Service name or URL.”As I mentioned earlier, neither error message provided me with much insight as I know that there was nothing wrong with the web service itself (or the URL) because it was working fine from our development server. I discovered that I could not manually access the WSDL URL from within a browser due to a firewall restriction. After getting the firewall issue resolved I was still was getting the same error messages. So I began doing Google searches on the error messages. I discovered that these error messages seemed somewhat common, but I couldn’t find any solutions that seemed to apply in my case.
The Solution
Finally I found a link that hinted that ColdFusion could not access any secure URLs (beginning with HTTPS) unless it contained the server’s SSL certificate (or the certificate’s issuer’s certificate) in its certificate store. Bingo! My web service was indeed located at a secure URL and the server’s SSL certificate was issued by an unknown certificate authority. After inserting the certificate authority’s certificate into the key store and restarting ColdFusion, everything magically worked. So how do you import a certificate into the key store? Well, instead of going through the effort to explain that here, I’m just going to point you to a few of the links that helped me figure it out: ColdFusion MX: Configuring Secure SSL Connection with LDAP Directory Server Enabling SSL SSL and the trusted keystore in Java
Update
There is a custom administrator extension named CertMan that allows you to view, add, and delete SSL certificates from within the ColdFusion administrator. This GUI is way more user friendly than using the command line.
Posted at 10:53 AM in Web Development
Comments
Just want to say thanks for this post it helped me with an error connecting to a web service via SSL.
Posted on May 26, 2009 at 11:15 AM
2. Dennis says:
Thank you! After reading countless unanswered posts, I stumbled upon this page which solved my problem.
Posted on August 20, 2009 at 5:39 AM
1. Ryan says: