What's up around Concord?

This week the Concord Public Library launched it's new website. Some of the new features on the website include access to the Special Collections including original survey diagrams by Thoreau, as well as a Brief History of Concord.

Since April or May of this year the library has been closed while under renovations and additions. It's expected to reopen in January, and I supposed the new and improved website is part of the PR to build anticipation for the reopening. I for one have been anticipating the reopening for quite a while. I live just a couple blocks from it, and I can't wait to start spending my weekends there in new reading rooms. For me, the library has been particularly difficult to concentrate in because of the creaky floor boards.


SSLPeerUnverifiedException while consuming webservices on SSL websites

If consuming webservices from ColdFusion MX while specifying a wsdl location that resides on an SSL enabled website, the code may produce the error below if the certificate authority of the SSL website is not already trusted by inclusion in the cacerts certificate store file.

To correct the problem, import the certificate into the cacerts file used by the JVM under ColdFusion MX, using the keytool utility.

For more on using the keytool, refer to my earlier blog for a similar problem with CFHTTP and SSL websites.

Could not generate stub objects for web service invocation.
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated It is recommended that you use a web browser to retrieve and examine the requested WSDL document for correctness. If the requested WSDL document can't be retrieved or it is dynamically generated, it is likely that the target web service has programming errors.

Stack Trace
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:2949)
at HTTPClient.HTTPConnection.handleRequest(HTTPConnection.java:2767)

Oreja de burro: Recursive Entity Relationship

In Schoenhof's Foreign Books in Harvard Square, I recently picked up a great English-Spanish Telecommunications Dictionary. Its a fantastic desk reference if you ever have a need to rewrite an application from one language to the other, as was recently done with this English translation of FlashBlog.

Diccionario de inform·tica y telecomunicaciones (ingles-espaÒol)
Author: Moreno MartÃŒn, Arturo
ISBN: 8434428865
Published: 2001

If you're wondering, Oreja de burro is listed as the translation for Pig's Ear where the definition is a recursive entity relationship. I can definitely say that I never heard of Pig's Ear ever used in informatics circles.

How to connect ColdFusion MX to MySQL 4.1 database

UPDATE: This article has been published as a technote, and later updated for MySQL 4 and 5.

Having not gone to Macromedia MAX this year, I'm glued to the tube this evening watching the 2004 presidential election results. Dan Rather's pontifications, prognostications, and random musings are starting my make my eyes glaze over, so to remedy that, I'll take a quick break here to share some information about how to connect to MySQL 4.1 from ColdFusion MX server.


The certificate store file cacerts is overwritten during upgrade

When upgrading from ColdFusion MX†6.0 to 6.1 or 6.1 to 6.1 Updater†be aware that the cacert file will be overwritten.† This may be important to you if you rely on the CF internet protocol tags to connect to SSL enabled websites, including the CFHTTP and CFLDAP tags.

The default set of certificates stored in cacerts was increased between 6.0 and 6.1, but one person has confirmed that at least one default certificate was lost during that change.† If you performed custom imports of certificates into the cacerts file with the keytool utility, then both the upgrade and the update will overwrite the cacerts file and your custom certificate imports will be lost. You'll have to run the keytool utility again†to re-import those custom certificates.†

See also my blog on using the keytool utility.

(Today!) Verity Webinar: Incorporating Search Functionality in ColdFusion

Verity Training Webinar

Friday, September 24, 2004
10:00 am PDT/1:00 pm EDT

Register today for a FREE Webinar from Macromedia and Verity and learn how to unlock and extend the powerful search capabilities included in your copy of ColdFusion. In this educational Webinar, product experts from Macromedia and Verity will demonstrate how to:

  • Utilize the powerful search functionality included in ColdFusion

  • Incorporate searches for content located inside and outside of ColdFusion

  • Rapidly implement a wide range of search features including Contextual Summaries and Spelling Suggestions.

  • Enhance the relevancy of results by using Quick Links and more


Mach II Training on Monday and Multimedia with Flash This Semester

I'm heading down to the D.C. area on Sunday to Monday to attend Hal Helms' one day crash course on Mach II. Beyond ColdFusion Adminstration and CFML syntax, I'd like to be a better developer by learning how a to use a pratical framework to get things off the ground faster and make it easier to make changes later.

I'll miss MXimize Macromedia Design and Development Conference in Boston this weekend, but I think I'll make up for it while taking the Havard Extension School class on Understanding and Developing Multimedia this semester. I'm taking the class as a distance student because getting to Cambridge from work on a week night is always a hassle and Harvard has high quality video feeds of the actual class so its just like being there. Check it out, you can view the first lecture without registering.

The Race Condition of Conflicting SSL Certificate Stores

According the behavior I've observed today, a JVM loads one and only one SSL certificate store (keystore) at runtime. The JVM under ColdFusion comes with a default keystore having many popular SSL certificate types already imported into it. That default keystore is {cfmx}/runtime/jre/lib/security/cacerts. However, if you programmatically load a different keystore, then you will encounter a race condition where only one of the two certificate stores is loaded. The certificate store that gets loaded first is used by the JVM for all subsequent SSL connections. If the certificate stores have disparate certificates imported into them, then some SSL connections probably won't work and will vary back and forth every time the server restarts.


Small Gotcha with CFHTTP To SSL Enabled Web Sites

When connecting to an SSL enabled website using the CFHTTP tag in ColdFusion MX, be sure to lowercase the protocol https. Using the upppercase of the protocol HTTPS might cause the CFHTTP tag to hang until it times out, returning Connection Failure for the Status Code. I've seen some SSL websites work with CFHTTP when using a protocol as either uppercase or lowercase, such as HTTPS://login.yahoo.com, but I've seen others behave problematically.


Using Keytool to Import SSL Certificates into Sun JDK

I've recently seen a little discussion on CFTalk about importing SSL certificates into the JVM keystore used by the JVM under ColdFusion MX in order to connect to SSL enabled resources, such as LDAP servers or Web Servers while using either the tags CFLDAP, CFHTTP, or CFINVOKE. I've also found myself having to do this for the first time recently. During that process I stumbled on what turned out to be a bug in the JVM 1.4.2-b28 that ships with ColdFusion MX 6.1 by default.

I saved the SSL certificate to my ColdFusion directory runtime/jre/lib/security, as shown in this image. When using that JVM's keytool utility, described here in the Sun documentation, to import the certificate, I received an error indicating that the certificate which I exported from the SSL website was not valid, and I knew that was incorrect as someone else had just imported the same certificate their machine.


Previous Entries / More Entries