"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
After some research I found that the issue was due to an SSL validation error in the web service call to the payment gateway.
These are the steps I followed to recover from the issue:
- Browse to the SSL-enabled URL (the WSDL URL of the web service) in Firefox.
- Click the extreme left of the browser's URL address bar to view the SSL certificate.
- Click the "More Information" button.
- Click the "View Certificate" button.
- Click the "Export" button.
- Save the file in some location, then change the extension of the file to ".cer" from any other extension.
- Copy the file into "{ColdFusion-Root}\runtime\jre\lib\security".
- Open your command prompt, then go to "{ColdFusion-Root}\runtime\jre\lib\security".
- Run the following command:
- "keytool -import -keystore cacerts -alias <any Unique Name> -file <fileName>.cer"
- Enter the password: "changeit" (this is the default password, and it will not be visible while you type).
- You will then get a confirmation prompt in the command prompt; type "Yes".
- After that you will get the message: "Certificate was added to keystore".
After the above steps restart your ColdFusion Server. Then the web service will work.
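To confirm that the import landed in the trust store the JVM actually reads, and to see the fingerprint of the certificate that is now trusted, the following added example (not part of the original post) loads the default trust store and looks up the exported certificate in it. The class name `CheckTrust` and its arguments are illustrative; it assumes the standard JSSE lookup order (the `javax.net.ssl.trustStore` property, then `jssecacerts`, then `cacerts` under `java.home/lib/security`).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic, not from the original post. CheckTrust and its arguments are illustrative.
public class CheckTrust {
    // Trust store the default JSSE trust manager reads: -Djavax.net.ssl.trustStore,
    // else lib/security/jssecacerts, else lib/security/cacerts under java.home.
    static File defaultTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File sec = new File(new File(System.getProperty("java.home"), "lib"), "security");
        File jsse = new File(sec, "jssecacerts");
        return jsse.exists() ? jsse : new File(sec, "cacerts");
    }

    // Colon-separated SHA-256 fingerprint of the DER encoding, as browsers display it.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < d.length; i++) sb.append(i > 0 ? ":" : "").append(String.format("%02X", d[i]));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) throw new IllegalArgumentException("usage: java CheckTrust <exported.cer> [storepass]");
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        InputStream certIn = new FileInputStream(args[0]);  // DER and PEM exports both parse
        X509Certificate cert;
        try { cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certIn); }
        finally { certIn.close(); }

        File store = defaultTrustStore();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream ksIn = new FileInputStream(store);
        try { ks.load(ksIn, pass); } finally { ksIn.close(); }

        String alias = ks.getCertificateAlias(cert);  // null if this exact certificate is absent
        System.out.println("Trust store : " + store.getAbsolutePath());
        System.out.println("Subject     : " + cert.getSubjectX500Principal().getName());
        System.out.println("SHA-256     : " + sha256(cert));
        System.out.println("Self-issued : " + cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal()));
        System.out.println(alias != null ? "Present under alias '" + alias + "'" : "NOT in this trust store");
        System.exit(alias != null ? 0 : 1);
    }
}
```

Run it with the `java` binary of the JRE that ColdFusion uses so that `java.home` resolves to the same directory, and pass the same `-Djavax.net.ssl.trustStore` option if the server's JVM arguments set one. Compare the printed SHA-256 value with the fingerprint the service owner publishes before relying on the imported certificate.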
Good One.
Thanks..
Thanks but have a question:
Keytool is not a recognized command. How do I run it?
It seems your bin path is not set in the environment variable. Keytool is present in "C:\Program Files\Java\jdk1.7.0_11\bin" (this is on my machine; it may be different for you). You have to set up this path in the environment, then it will work.
Thanks for your response, I ran this command:
C:\JRun4\jre\bin>keytool -import -keystore cacerts -alias any_name -file c:\JRun4\jre\lib\security\some_name.cer
but when I restarted my server the problem wasn't solved. Have I missed something? Please, I need help.
If you are facing the problem "Keytool is not a recognized command", then see whether "Keytool" is present in that particular directory or not. If it is not there, then please install the latest JRE or JDK on your machine; then you can use its "Keytool".
If you are getting some different error then please give me details.
Keytool is present in c:\JRun4\jre\bin, the command executed successfully but the error:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
continues to be thrown
I need some time to replicate the issue on my development box.
Please provide me the following details:
1. Which version of ColdFusion. Is it Single Server or Multi server installation.
2. If possible please provide me the Web Service URL.
My ColdFusion server: ColdFusion 9 Multi-server installation
Web Service: https://www.multimerchantvisanet.com/WSPasarelaVisa/ValidaPost.asmx?wsdl
The cert is on the cert-store but the problem now is that my server is not consuming the webservice response, any suggestion?
Sorry!!! I wasn't able to see the issue on my local development machine. Also, I am using a single instance installation, not multi server.
I'm running ColdFusion 10; added the certificate to the keystore but still get the message "Error: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.".
When I run the SOAP request over HTTP it works correctly; over HTTPS it doesn't...
I'm working with a Self-Signed Certificate, is this a problem?
Yes, I think so. You have to install your SSL certificate in your CF server.
This was very helpful, thanks for posting! Great work. Easy to understand and follow your steps.
Good to know.
Roul = did you see my email about part time cold fusion programming on projects here in the US?
When you say: "After the above steps restart your ColdFusion Server. Then the web service will work"
It is good to understand that it means restart the server and not only the deployment (e.g. in WebLogic)
Yes, I mean the application server.
Upendra, do you know the steps to take for this issue in Cold Fusion 10?
Hi Mike,
Can you check the above steps in the "{ColdFusion 10 Root}\jre\lib\security\" directory?
Excellent article, and a life-saver!
So the obvious question is... how/why did this exception come up after months of not showing up? We had the same experience - no single line of code change, all transactions working fine, and all of a sudden, this appeared!
This was likely because of some change in the certificate itself.
Very nice, thank you! Do note that this solution only works on Windows, here is the solution for those with CF on a Mac:
1. Instead of going to {ColdFusion-Root}\runtime\jre\lib\security, go to /Library/Java/Home/lib/security to place your certificate. You will be prompted to enter the computer's admin password.
2. Instead of running the command:
keytool -import -keystore cacerts -alias <any Unique Name> -file <fileName>.cer
enter this command from Terminal:
sudo keytool -import -keystore cacerts -alias <any Unique Name> -file <fileName>.cer
Notice the "sudo" in the beginning so that you run this command as the Admin.
Thanks a lot!!!
Do you only need the web service cert of the entire cert chain from CA to webservice?
Not getting you exactly. Can you please explain?
After "Certificate was added to keystore", I am getting an error as java.io.FileNotFoundException:cacarts
If you can provide the exact stack trace then it would be easier to find out the cause of the issue.
Last 3 lines on command prompt are as:
Trust this certificate?
certificate are added to key store
keytool error:java.io.FileNotFoundException:cacarts(Access is denied)
It seems to be a directory access permission issue. Make sure you have provided enough permission where your cert file is present.
Any ideas how to apply this to ColdFusion 11 on Server 2012? Is it ColdFusion11\jre\lib\security?
For CF11 go to {ColdFusion Root}\jre\bin\ and follow the process.
If you are trying to call web services in CF 11 (and maybe 10 but check that yourself), CF expects the web service or any CFHTTP call to use the WebSocket Service and port 8577 in a standard setup. This is because the WebSocket Services have been optimized for web services and CFHTTP also uses WebService Sockets. I run CF 11 on my IIS server and port 8577 is blocked by a firewall. When I tried to connect, it sends back "I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" for CFHTTP and web services. It would seem like it requires adding custom certificates to the CACERT for JRE but that is not the solution for me. There is a simple fix to get this running with IIS (at least IIS) if you do not want to unblock the WebSocket Service and you don't need that performance to run natively. All you have to do is go into the CF Admin dashboard and change the WebSocket Service to "Use Proxy". Restart the CF ApplicationServer service and it should work just fine. If these directions are not perfect I apologize but it will lead you to get it working.
Thank you for posting this!
This was yuuuuge. THANK YOU!