问题
Trying to do a certificate import into the cacerts story in ColdFusion10. I am able to run these commands and get the .cer file to import using these commands.
Manually import a certificate
Go to a page on the SSL server in question.
- Double-click the lock icon. Click the Details tab.Click Copy To File. Select the base64 option and save the file. Copy the CER file into C:\ColdFusion9\runtime\jre\lib\security (or whichever JRE ColdFusion is using). Run the following command in the same directory
keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
But when I try and do a cfhttp call it fails. I suspect that I am saving the certificate in the wrong format.
I am using X.509 .der which is the recommended format. Is this the same base64? Does anyone know the documentation for this on CF10? I did this successfully on CF9 but it does not seem to work on CF10.
回答1:
I would suggest using Certman from riaforge just to ensure that everything is being imported correctly
http://certman.riaforge.org/
回答2:
Are you sure that the import worked? Whenever I have imported certificates in the past (using CF9) I needed to supply the password for the cacerts keystore. I do not see that in your posted example. The command to import should be something like this:
keytool -import -v -alias giveUniqueName -file filename.cer -keystore cacerts -storepass thePassword
Here is the command line to verify an imported certificate:
keytool -list -v -keystore cacerts -alias giveUniqueName -storepass thePassword
I did not include the password here but am pretty sure you can Google it. If not, send me a message and I can give it to you.
And yes, I always export the certificate in DER format as well. That should work. Also, you may need to supply pathing information depending on where you run the keytool commands from and where your certificate file resides.
Another note, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home
line.
Oh - and you have to restart ColdFusion after making the import.
UPDATE FOR CF10
I found a forum discussion (here) talking about installing certificates on CF10. The keytool
commands appear to be slightly different in their example. In case it is a bit different than CF9, here is what they said:
keytool -importcert -alias giveUniqueName -trustcacerts -file filename.cer -keystore cacerts -storepass thePassword
Trust this certificate? [no]: y
It looks like the verification command line has not changed.
来源:https://stackoverflow.com/questions/13863292/import-certificate-for-coldfusion10