ColdFusion Protocol Tags CFHTTP, CFINVOKE, CFLDAP support SSLv2

My reply to a comment on an earlier blog entry, about importing SSL certificates into the ColdFusion cacerts file for CFHTTP purposes, warrants its own blog entry here as a separate topic.

The comment:

[cfhttp url=" method="post" port="xxx" proxyserver="xxxx" proxyport="xxx" >

I am having the same problem but I am using BlueDragon and CFMX. I am trying to connect to a vendor using CFHTTP to send an XML file. The vendor keeps telling me that I am failing the SSL handshake on his side. I was told by him that I needed to purchase a certificate from a trusted third party, which we did (Verisign). This certificate was installed by my server team but I am refused connection at the vendor.

Do I need to export the vendor's certificate and install it on my WebLogic server using the Keytool?

It sounds as if the vendor is requiring SSLv3 with client authentication, rather than SSLv2 with only server authentication. The documentation here describes the conditions where you may have to import a certificate into ColdFusion for SSLv2 for server authentication, but this is often confused with the requirement for client auth:

To use HTTPS with the cfhttp tag, you might need to manually import the certificate for each web server into the keystore for the JRE that ColdFusion uses. This procedure should not be necessary if the certificate is signed (issued) by an authority that the JSSE (Java Secure Sockets Extension) recognizes (for example, Verisign); that is, if the signing authority is in the cacerts already. However, you might need to use the procedure if you are issuing SSL (secure sockets layer) certificates yourself.

Let's back up a moment to consider the practical difference between SSLv2 and v3. First, imagine a simple HTTPS connection between a browser and a server. A user at a browser types in the URL of a website beginning with https:// and the browser makes the request. Let's assume that the server is using SSLv2. The request gets to the server, and the server replies with a message header stating that it supports SSLv2 and sends its certificate. The browser receives the SSL certificate, inspects it, and negotiates a session key to be used for the remainder of the request/response communication. This negotiation period is known as the SSL handshake.
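One way to tell the two cases apart, as an added example that is not from the original post: a Java probe, run with the same JRE that ColdFusion uses, which reports whether the server's certificate chain validates against that JRE's default cacerts and whether the server asked for a client certificate. The class name `HandshakeCheck` and the host/port arguments are assumptions, and the probe uses whichever protocol version the JRE negotiates.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.*;

// Added example (hypothetical class name). Usage: java HandshakeCheck <host> [port]
public class HandshakeCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        final AtomicBoolean certRequested = new AtomicBoolean(false);

        // Key manager that holds no keys. JSSE consults chooseClientAlias when
        // the server has asked for a client certificate, so we record the call.
        X509KeyManager probe = new X509KeyManager() {
            public String chooseClientAlias(String[] t, Principal[] i, Socket s) {
                certRequested.set(true);
                return null; // offer no client certificate
            }
            public String chooseServerAlias(String t, Principal[] i, Socket s) { return null; }
            public String[] getClientAliases(String t, Principal[] i) { return null; }
            public String[] getServerAliases(String t, Principal[] i) { return null; }
            public X509Certificate[] getCertificateChain(String alias) { return null; }
            public PrivateKey getPrivateKey(String alias) { return null; }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        // Null trust managers select the JSSE default: this JRE's cacerts.
        ctx.init(new KeyManager[] { probe }, null, null);

        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = sock.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name
            sock.setSSLParameters(p);
            sock.startHandshake();
            System.out.println("Server chain trusted by cacerts, protocol "
                    + sock.getSession().getProtocol());
        } catch (SSLException e) {
            // An issuer missing from cacerts or a host name mismatch lands here;
            // the handshake may abort before any certificate request is seen.
            System.out.println("Handshake failed: " + e);
        }
        System.out.println("Client certificate requested: " + certRequested.get());
    }
}
```

A trusted chain together with `Client certificate requested: true` points to client authentication rather than a missing cacerts entry.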


Configuring ColdFusion Multiple Instances with Apache Virtual Hosts... Again

Over the past few months I recall that I've been asked on several occasions how to configure multiple Apache Virtual Hosts for multiple JRun server instances or multiple JRun clusters (with or without ColdFusion).

This topic is actually explained very well on page 4 of an article written by Brandon Purcell a few years ago, and is still relevant to current versions.

Installing and Configuring ColdFusion MX 6.1 Multiple Instances with IIS and Apache Virtual Hosts