I just downloaded the cert directly from firefox by clicking on the icon to the left of the address in the address bar. There it gives you a drop down with a button that reads "More Information". From there, I click the "View Certificate" button, click the details tab, and finally click the export button. I changed the extension to .crt but it doesn't really matter as long as you can find it later.
Then, I go into the command prompt, cd to the cold fusion JVM directory (c:\CFusionMX7\runtime\jre\ on my machine) and issue the following command (make sure it is all on one line):
bin\keytool -import -trustcacerts -alias whateverAliasYouWant -keystore lib\security\cacerts -file \PathToYourCert\theCertificateFileYouSaved.crt
Then restart coldfusion.
I think that it would probably be better to add the cert providers parent certificate, but this method worked for me. We really only need it for sites that we need coldfusion to connect to with SSL that have these cheap certificates. Since we only do this for rare customer data exchanges, we can add them one by one as needed. So far I have had this problem with GoDaddy and GeoTust certs. I don't know if others cause the same problem or not.
For adding larger than 1024 bit certs to ColdFusionMX7 see the following link:
http://confluence.slac.stanford.edu/display/JAVA/Upgrading+jdk+1.4+for+4096+bit+ssl
No comments:
Post a Comment