tracker issue : CF-3344353

select a category, or use search below
(searches all categories and all time range)
Title:

Web services will not be served over https, if wsdl version 2 is being used.

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Jesse Carlton / Jesse Carlton (Jesse Carlton)

Created: 10/10/2012

Components: Web Services

Versions: 10.0

Failure Type: Non Functioning

Found In Build/Fixed In Build: Final / 285129, 286125

Priority/Frequency: Critical / All users will encounter

Locale/System: English / Win 2008 Server R2 64 bit

Vote Count: 3

Problem Description:  If you create a cfc and call the cfc?wsdl url using https, it fails

Steps to Reproduce:create any cfc and call with https url
eg:<cfcomponent name="test1" >
<cffunction name="makeGo" access="remote"  returntype="Boolean">
    <cfreturn true>
</cffunction>
</cfcomponent>

Actual Result:blank page or tomcat error depending on the server.

Expected Result:endpoints http://server/whatever.cfc and https://server/whatever.cfc

Any Workarounds:You can edit axis2.xml to add an https transportReceiver, but the endpoint urls that are generated are http://server:80/whatever.cfc and http://server:443/whatever.cfc,
coldfusion.xml.rpc.CFAxisServletListener is hardcoded to only use http.

excerp:
    serviceName = WebServiceUtil.getCFCPathForEndpoint(serviceName);
    String endpointRefernce = "http://" + ip + ":" + getPort() + "/" + serviceName;

    EndpointReference endpoint = new EndpointReference(endpointRefernce);

    return new EndpointReference[] { endpoint };

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3344353

Keywords:
FixTested


External Customer Info:
External Company:  
External Customer Name: jcarlton@sterling.ca
External Customer Email:  
External Test Config: My Hardware and Environment details:IIS on server 2008 R2, cf10 with update 2

Attachments:

Comments:

CF9 gives you only one endpoint in the generated wsdl, http://server/whatever.cfc when accessed from http, and https://server/whatever.cfc when accessed using https.
Comment by External U.
17621 | October 10, 2012 01:01:01 PM GMT
I found the same issue. Is this a configuration issue? Can someone from Adobe please validate this?
Comment by External U.
17622 | November 01, 2012 09:08:32 AM GMT
I have not found a successful way to run secure web services under Coldfusion 10. This is an absolute requirement for my clients and has forced me to temporarily abandon my plans for an upgrade.
Vote by External U.
17632 | November 01, 2012 09:10:11 AM GMT
We are having a similar issue but it is calling a external webservice URL not running ColdFusion using https. Not entirely sure whether related to this bug or something on our end.
Comment by External U.
17623 | March 19, 2013 06:51:00 AM GMT
Stalling our team's projects due to issues with CF connecting to external webservices using HTTPS and require authentication.
Vote by External U.
17633 | March 19, 2013 06:52:17 AM GMT
Unverified since October last year? That's ridiculous. And yes I am having the same problem. Reverting back to Axis 1 seems to solve the problem but then what's the point of even having the Axis 2 option? There is none.
Comment by External U.
17624 | May 31, 2013 04:18:38 PM GMT
We ran into the same issue and we are hoping the resolution is in its way. Meanwhile I suggested to our team to use encryption to secure the information that needs to be passed. Hoping to have a hotfix for this soon! Thanks!
Comment by External U.
17625 | June 03, 2013 10:35:09 AM GMT
We are working on implementation of a web service that needs to use Axis2 and we are not able to use the https protocol. There is no workaround to this.
Vote by External U.
17634 | June 03, 2013 10:42:53 AM GMT
In the generated wsdl the end points are pointed to http url instead of https. Sending it to dev.
Comment by HariKrishna K.
17626 | June 07, 2013 08:40:14 AM GMT
When a web service is published from an SSL enabled server, the web service endpoint address was pointing to an HTTP Endpoint. Fixed it by using the scheme to generate the end point address.
Comment by Paul N.
17627 | June 07, 2013 08:58:49 AM GMT
Verified the fix with update, closing the bug.
Comment by HariKrishna K.
17628 | June 14, 2013 06:36:22 AM GMT
Is the fix included in CF10 Update 10? I updated it this weekend, but still getting the same result. Is there another hotfix that needs to be applied? Thanks!
Comment by External U.
17629 | June 24, 2013 07:59:12 AM GMT
No, it is not part of Update 10 .It will be part of the next update.
Comment by Asha K.
17630 | June 26, 2013 12:47:37 AM GMT
The only work arround I have been able to come up with is as follows: Log into CF10 Administrator Under Data & Services --> Web Services Set -- Web Service Version = 1 This works on an IIS CF10 box requireing both HTTPS and PKI
Comment by External U.
17631 | June 28, 2013 10:15:05 AM GMT
In case anyone finds this bug report and is running CF11 or above, I would clarify that you CAN indeed have CF web services served via https. The solution is hinted at in the "workaround" mentioned in the original posting here. You need to add another "transportReceiver" for "https" in axis2.xml file. Here's more info: http://www.shavedmonkeys.com/index.cfm/coldfusion-blog/deploy-ssl-https-webservice-in-coldfusion/ To be clear, what this bog report was complaining about (in the CF10 timeframe, in 2012) was that (until its update 12) even THAT did not work, in that one had to do that AND also still use http:// and port 443. The latter is no longer needed after CF10 update 12. But even in CF2018, one must add that https transportreceiver.
Comment by Charlie A.
29148 | June 30, 2018 04:16:08 PM GMT