
February 8, 2006

Enabling web services over SSL in ColdFusion

I recently ran into a problem while trying to access a web service from within ColdFusion on our new testing server. It took me a while to get it working because the ColdFusion error messages weren’t very descriptive or helpful in pointing me to the cause of the problem. While searching for a solution, I came across a lot of unanswered forum posts from others who appeared to be experiencing the same problem so I thought I’d share my problem and the solution I finally found.

The Problem

The <cfinvoke> tag that I was using to call the web service was returning this error message:
“Could not generate stub objects for web service invocation.”
I tried to use the administrative console to add the web service, and it returned this error message:
“Error creating web service. Please ensure that you have entered a correct Web Service name or URL.”
As I mentioned earlier, neither error message provided me with much insight, as I knew that there was nothing wrong with the web service itself (or the URL) because it was working fine from our development server. I discovered that I could not manually access the WSDL URL from within a browser due to a firewall restriction. After getting the firewall issue resolved I was still getting the same error messages. So I began doing Google searches on the error messages. I discovered that these error messages seemed somewhat common, but I couldn’t find any solutions that seemed to apply in my case.

The Solution

Finally I found a link that hinted that ColdFusion could not access any secure URLs (beginning with HTTPS) unless it contained the server’s SSL certificate (or the certificate’s issuer’s certificate) in its certificate store. Bingo! My web service was indeed located at a secure URL and the server’s SSL certificate was issued by an unknown certificate authority. After inserting the certificate authority’s certificate into the key store and restarting ColdFusion, everything magically worked. So how do you import a certificate into the key store? Well, instead of going through the effort to explain that here, I’m just going to point you to a few of the links that helped me figure it out:
ColdFusion MX: Configuring Secure SSL Connection with LDAP Directory Server
Enabling SSL
SSL and the trusted keystore in Java
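
The import step described above, as an added example (not code from this post, the linked articles or CertMan). The function names, alias, file names and keystore location are placeholders, and the fingerprint comparison is an added precaution: it assumes you obtained the CA certificate's SHA-256 fingerprint from its owner through a separate channel.

```shell
#!/bin/sh
# Added example: pin-check a CA certificate, then import it into the cacerts
# file of the JVM that runs ColdFusion. Paths, alias and password are assumptions.

# Report whether a file is PEM (base64 text) or binary DER; keytool reads both.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(head -c 1 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "30" ]; then
        echo der        # DER begins with an ASN.1 SEQUENCE tag, 0x30
    else
        echo unknown
    fi
}

# SHA-256 over the DER bytes, lowercase hex (file must hold one certificate).
cert_fingerprint() {
    case $(cert_format "$1") in
        pem) tr -d '\r' < "$1" | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' \
                 | grep -v -- '-----' | base64 -d | sha256sum | cut -d' ' -f1 ;;
        der) sha256sum < "$1" | cut -d' ' -f1 ;;
        *)   return 1 ;;
    esac
}

# import_ca CERT KEYSTORE ALIAS EXPECTED_SHA256 [STOREPASS]
import_ca() {
    cert=$1; keystore=$2; name=$3
    storepass=${5:-changeit}    # "changeit" is the stock cacerts password
    want=$(printf '%s' "$4" | tr -d ':' | tr 'A-F' 'a-f')
    got=$(cert_fingerprint "$cert") || { echo "unrecognised certificate file: $cert" >&2; return 2; }
    # keytool creates a brand-new keystore if the path is wrong, so check first.
    [ -f "$keystore" ] || { echo "no keystore at $keystore" >&2; return 3; }
    [ "$got" = "$want" ] || { echo "fingerprint mismatch, got $got" >&2; return 4; }
    cp -p "$keystore" "$keystore.bak" || return 5   # keep a copy to roll back to
    keytool -importcert -noprompt -trustcacerts -alias "$name" \
        -file "$cert" -keystore "$keystore" -storepass "$storepass" || return 6
    keytool -list -alias "$name" -keystore "$keystore" -storepass "$storepass"
}

# Usage (placeholders): import_ca partner-ca.cer \
#   "<ColdFusion JRE>/lib/security/cacerts" partner-ca "<SHA-256 from the CA owner>"
# Restart ColdFusion afterwards so the JVM reloads the trust store.
```

Importing only the issuing CA's certificate, after checking its fingerprint, keeps certificate validation switched on for every other HTTPS call ColdFusion makes.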

Update

There is a custom administrator extension named CertMan that allows you to view, add, and delete SSL certificates from within the ColdFusion administrator. This GUI is way more user friendly than using the command line.

Posted at 10:53 AM in Web Development

Comments

1. Ryan says:

Just want to say thanks for this post it helped me with an error connecting to a web service via SSL.

Posted on May 26, 2009 at 11:15 AM

2. Dennis says:

Thank you! After reading countless unanswered posts, I stumbled upon this page which solved my problem.

Posted on August 20, 2009 at 5:39 AM

3. Mark Landmann says:

certman is missing a header.cfm file. Seems to work if you comment it out.

Posted on March 6, 2011 at 7:47 PM

4. Paul Connell says:

Header file - that was part of the CFIDE/administrator system - I've got it running in CF 8.0.1 so I assume you are running it from CF9/CFMX7?

As I've not got those versions running currently I've not been able to check all the compatibility issues - let me know what version of CF you are running and I'll do my best to fix it.

Posted on May 17, 2011 at 4:27 AM

5. Joshua Glovinsky says:

Mark Landmann,
I had the same error but after a closer look when I extracted the zip it had the structure certman->certman. I removed the extra folder from the hierarchy and everything works fine.

Paul Connell,
I am using CF9 btw and it seems to work very well.

Thanks,
Josh

Posted on June 6, 2011 at 11:07 AM

6. Michael Workman says:

I first encountered this issue some time ago and it was very frustrating to deal with. We had critical business data we needed to exchange with a vendor over SSL webservice with our main web application, and we also encountered this error, thanks for taking the time to post this solution. We were considering implementing the webservice consumer with ASP .NET, but thanks to your solution we can do it with ColdFusion.

Posted on July 8, 2011 at 6:36 AM

7. Chung Lee says:

I am getting "Error: Invalid or corrupt key file" message when adding certificate. How do I get around this? Thanks.

Posted on August 2, 2012 at 12:07 PM

8. Richard Davies says:

Chung Lee, are you trying to add the certificate using the command line 'keytool' program? This sounds like either you're executing it from the wrong directory or the path you've specified to the cacerts file (via the -keystore argument) is invalid. Basically, it's trying to import the cert into the keystore file but you haven't pointed it at the correct keystore file.

Posted on August 2, 2012 at 1:02 PM

9. Chung Lee says:

Hello Richard Davies, thank you for your reply. I'm actually trying to add the cert by using the CertMan when I encountered the error.

Posted on August 2, 2012 at 1:40 PM

10. Richard Davies says:

Chung Lee, in that case all I can suggest is that perhaps the certificate you're trying to import is in the wrong format. I believe the correct format is DER base64 encoding.

Posted on August 2, 2012 at 2:10 PM

11. luckyBoy says:

HELP!

I'm running CF 9 on IIS (Windows 2003). I'm getting the following error:

"Cannot perform web service invocation methodname"
.
.
.
Axis Fault
faultCode: {http:....../}FailedAuthentication
.
.
.
faultString: User has not been authenticated: Verify you are using 2-way SSL.

Already generated my cert and did keytool too. BTW, the other server is Linux.

Posted on August 6, 2012 at 3:55 PM