tracker issue : CF-4011401

select a category, or use search below
(searches all categories and all time range)
Title:

Certificate Manager for CFHTTP

| View in Tracker

Status/Resolution/Reason: Closed/Deferred/

Reporter/Name(from Bugbase): Stephen Walker / Stephen Walker (Stephen Walker)

Created: 06/23/2015

Components: Net Protocols, HTTP

Versions: 11.0

Failure Type: Enhancement Request

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Trivial / Unknown

Locale/System: English / Mac 10 All

Vote Count: 2

With all government sites mandated to use https by the end of 2016 (https://www.whitehouse.gov/blog/2015/06/08/https-everywhere-government), and more and more commercial services moving to https, there needs to be an easy way to add certs to the Java Trusted Store so that cfhttp works correctly.  I currently have a tool that tests website status (500 websites) inside a government network and externally, and https sites will not resolve.  If there is already an easy way to do this, please share instructions here.

By the way, in the platform area, you need "All Platforms"

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4011401

External Customer Info:
External Company:  
External Customer Name: Stephen
External Customer Email:  
External Test Config: My Hardware and Environment details: OSX 10.10, Windows 10, Windows Server 2012Rs

Attachments:

Comments:

is that not what this does? http://certman.riaforge.org/ , but it would be nice if CF had this functionality anyway
Comment by External U.
7013 | June 29, 2015 05:20:34 AM GMT
Didn't know this existed and will be trying it out. As you said, it should be integrated into the product.
Comment by External U.
7014 | June 29, 2015 03:50:11 PM GMT
FYI - I used CERTMAN on CF11/Windows 2012R2 without issue. It does not work of OSX, but I suspect it is a permissions issue with Java. It would be extremely beneficial if this was integrated into the administrator. Also, as expected, it does require service restart each time you add a certificate.
Comment by External U.
7015 | July 04, 2015 04:39:52 PM GMT
I recntly used certman on CF9 and it worked like a charm. The government is not the only entity making security changes - Paypal has just moved to SHA-256 certifactes too. This is indeed important to security and should be included in the security section of the cfide (at least while CF is JVM based!)
Vote by External U.
7019 | July 05, 2015 04:43:36 PM GMT
What does deferred mean? This seems like a straightforward form doesn't it?
Comment by External U.
7016 | August 18, 2015 05:47:48 PM GMT
I would guess that its not something thats going to happen in CF12 and will subsequently be forgotten about in CF13?
Comment by External U.
7017 | August 19, 2015 02:43:37 AM GMT
In light of the fact that the updates to the PR for CF12 are ridiculously slow and still in alpha, can deferred mean there is a possibility it will be something added the CF12?
Comment by External U.
7018 | August 20, 2015 06:31:46 AM GMT