Cfldap and ssl

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in
OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles

I am using cfldap with cfssl_basic and have no problems on Lucee.On Feb 17, 2015, at 8:41 AM, Charles Heizer <@Charles_Heizer> wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in OpenBD but I keep getting a error saying “The Error Occurred in line 14” … secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sweet! Thank you, it now works fine!

By any chance is there a config to reference a different cacerts file?

Thanks,
CharlieOn Monday, February 23, 2015 at 11:43:35 AM UTC-8, Robert Munn wrote:

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to
import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer <ceh...@gmail.com <javascript:>> wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not an
OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS
-Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the self-signed
SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in
OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to import the certificates you need the application to trust.On Feb 23, 2015, at 11:15 AM, Charles Heizer <@Charles_Heizer> wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:
FYI, on a clean install on my dev system I had to import the self-signed SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in OpenBD but I keep getting a error saying “The Error Occurred in line 14” … secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Interesting. I did not try the cacerts file. In OpenBD, and this is not an
OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
CharlieOn Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the self-signed
SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn <robert...@gmail.com <javascript:>> wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer <ceh...@gmail.com <javascript:>> wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in
OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

File a ticket for it, por favor-- that should be an easy one.

I don’t know if these ever got added, but they’d be swell to have as well:

http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html

Mainly http.proxyHost and http.proxyPort I think, and it’s been years
since I checked, so they might be in there already, but it came to mind,
since they’re handy props too.

FWIW a quick grep didn’t see 'em being read anywhere.

-DenOn 2/23/15 2:44 PM, Charles Heizer wrote:

Sweet! Thank you, it now works fine!

By any chance is there a config to reference a different cacerts file?

Let’s not forget the cute GUI cert installer in the server admin: Server
Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to
import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer <ceh...@gmail.com <javascript:>> wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not an
OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS
-Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the self-signed
SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in
OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com <javascript:>.
To post to this group, send email to lu...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

In my case I needed to import a self-signed cert manually because the name
does not resolve correctly. I think that is a common enough problem that
it would be useful for the import function to have a way to upload a cert
file.On Feb 26, 2015 8:32 AM, “Jamie Jackson” <@Jamie_Jackson> wrote:

Let’s not forget the cute GUI cert installer in the server admin: Server
Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)

On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to
import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer ceh...@gmail.com wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not
an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/
path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the self-signed
SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works
in OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Can the Lucee Admin SSL installer handled wildcard self-signed certificates?

I keep keep this error (in Lucee [5 express with jre1.8.0_40], Railo 4.2
and ACF 8)
cfhttpStructcharsetstringerrordetailstringUnknown host: peer not
authenticatedfilecontentstringConnection
FailureheaderstringmimetypestringUnable
to determine MIME type of file.responseheaderStructstatuscodestringConnection
Failure. Status code unavailable.textbooleantrue
SSL Certificates from host tyrion.tradecentre.ioSubjectIssuerEMAILADDRESS=
craig@lwl.com, CN=.tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth,
ST=Western Australia, C=AUEMAILADDRESS=craig@lwl.com, CN=
.tradecentre.io,
OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AUOn 1 March 2015 at 10:26, Robert Munn <@Robert_Munn> wrote:

In my case I needed to import a self-signed cert manually because the name
does not resolve correctly. I think that is a common enough problem that
it would be useful for the import function to have a way to upload a cert
file.

On Feb 26, 2015 8:32 AM, “Jamie Jackson” <@Jamie_Jackson> wrote:

Let’s not forget the cute GUI cert installer in the server admin: Server
Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)

On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to
import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer ceh...@gmail.com wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not
an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/
path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the
self-signed SSL cert for my dev LDAP instance into the cacerts file that
Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works
in OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> http://webonix.net | <webonix:org
community=“Open” /> http://webonix.org
http://twitter.com/webonix

I may give this a go and see what I can do with it. I’ll let you know.

RobertOn Apr 15, 2015, at 10:45 PM, AJ Mercer <@AJ_Mercer> wrote:

I think the issue is with the wildcard certificate

On Thursday, 16 April 2015, Robert Munn <@Robert_Munn> wrote:
It should be able to handle self-signed certs. You will need to add the certificate authority for your self-signed cert to the Java trusted certificate authority store, so you need to import the public certificate chain for the ca that signed the cert into cacerts.

On Apr 15, 2015, at 8:58 PM, AJ Mercer <@AJ_Mercer> wrote:

Can the Lucee Admin SSL installer handled wildcard self-signed certificates?

I keep keep this error (in Lucee [5 express with jre1.8.0_40], Railo 4.2 and ACF 8)
cfhttp
Struct
charset
string
errordetail
string Unknown host: peer not authenticated
filecontent
string Connection Failure
header
string
mimetype
string Unable to determine MIME type of file.
responseheader
Struct
statuscode
string Connection Failure. Status code unavailable.
text
boolean true

SSL Certificates from host tyrion.tradecentre.io
Subject Issuer
EMAILADDRESS=craig@lwl.com, CN=.tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AU EMAILADDRESS=craig@lwl.com, CN=.tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AU

On 1 March 2015 at 10:26, Robert Munn <@Robert_Munn> wrote:
In my case I needed to import a self-signed cert manually because the name does not resolve correctly. I think that is a common enough problem that it would be useful for the import function to have a way to upload a cert file.

On Feb 26, 2015 8:32 AM, “Jamie Jackson” <@Jamie_Jackson> wrote:
Let’s not forget the cute GUI cert installer in the server admin: Server Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)

On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:
The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer ceh...@gmail.com wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:
FYI, on a clean install on my dev system I had to import the self-signed SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in OpenBD but I keep getting a error saying “The Error Occurred in line 14” … secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> | <webonix:org community=“Open” />
http://twitter.com/webonix


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAPURtC1x3ikgypmkXBOSxM66QC2TQNoeLJroHTQ4AKBk5UGjyw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/6B9FD223-E5F9-4E61-ACD1-F0C29FECA85F%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> | <webonix:org community=“Open” />
http://twitter.com/webonix


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAPURtC0rj7Jw7GCtm9OxJPqSZVkmHJjBs08Y-0g3m_Kf_oh0YQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

I think the issue is with the wildcard certificateOn Thursday, 16 April 2015, Robert Munn <@Robert_Munn> wrote:

It should be able to handle self-signed certs. You will need to add the
certificate authority for your self-signed cert to the Java trusted
certificate authority store, so you need to import the public certificate
chain for the ca that signed the cert into cacerts.

On Apr 15, 2015, at 8:58 PM, AJ Mercer <@AJ_Mercer <javascript:_e(%7B%7D,‘cvml’,’@AJ_Mercer’);>> wrote:

Can the Lucee Admin SSL installer handled wildcard self-signed
certificates?

I keep keep this error (in Lucee [5 express with jre1.8.0_40], Railo 4.2
and ACF 8)
cfhttpStructcharsetstringerrordetailstringUnknown host: peer not
authenticatedfilecontentstringConnection FailureheaderstringmimetypestringUnable
to determine MIME type of file.responseheaderStructstatuscodestringConnection
Failure. Status code unavailable.textbooleantrue
SSL Certificates from host tyrion.tradecentre.ioSubjectIssuerEMAILADDRESS=
craig@lwl.com <javascript:_e(%7B%7D,‘cvml’,‘craig@lwl.com’);>, CN=.
tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western
Australia, C=AUEMAILADDRESS=craig@lwl.com
<javascript:_e(%7B%7D,‘cvml’,‘craig@lwl.com’);>, CN=
.tradecentre.io,
OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AU

On 1 March 2015 at 10:26, Robert Munn <@Robert_Munn <javascript:_e(%7B%7D,‘cvml’,’@Robert_Munn’);>> wrote:

In my case I needed to import a self-signed cert manually because the
name does not resolve correctly. I think that is a common enough problem
that it would be useful for the import function to have a way to upload a
cert file.

On Feb 26, 2015 8:32 AM, “Jamie Jackson” <@Jamie_Jackson <javascript:_e(%7B%7D,‘cvml’,’@Jamie_Jackson’);>> wrote:

Let’s not forget the cute GUI cert installer in the server admin: Server
Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)

On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:

The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to
import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer ceh...@gmail.com wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not
an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/
path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:

FYI, on a clean install on my dev system I had to import the
self-signed SSL cert for my dev LDAP instance into the cacerts file that
Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works
in OpenBD but I keep getting a error saying “The Error Occurred in line 14”
… secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com
https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google
Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com
https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> http://webonix.net/ | <webonix:org
community=“Open” /> http://webonix.org/
http://twitter.com/webonix


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/CAPURtC1x3ikgypmkXBOSxM66QC2TQNoeLJroHTQ4AKBk5UGjyw%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CAPURtC1x3ikgypmkXBOSxM66QC2TQNoeLJroHTQ4AKBk5UGjyw%40mail.gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee%2Bunsubscribe@googlegroups.com’);>.
To post to this group, send email to lucee@googlegroups.com
<javascript:_e(%7B%7D,‘cvml’,‘lucee@googlegroups.com’);>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/lucee/6B9FD223-E5F9-4E61-ACD1-F0C29FECA85F%40gmail.com
https://groups.google.com/d/msgid/lucee/6B9FD223-E5F9-4E61-ACD1-F0C29FECA85F%40gmail.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> http://webonix.net | <webonix:org
community=“Open” /> http://webonix.org
http://twitter.com/webonix

It should be able to handle self-signed certs. You will need to add the certificate authority for your self-signed cert to the Java trusted certificate authority store, so you need to import the public certificate chain for the ca that signed the cert into cacerts.On Apr 15, 2015, at 8:58 PM, AJ Mercer <@AJ_Mercer> wrote:

Can the Lucee Admin SSL installer handled wildcard self-signed certificates?

I keep keep this error (in Lucee [5 express with jre1.8.0_40], Railo 4.2 and ACF 8)
cfhttp
Struct
charset
string
errordetail
string Unknown host: peer not authenticated
filecontent
string Connection Failure
header
string
mimetype
string Unable to determine MIME type of file.
responseheader
Struct
statuscode
string Connection Failure. Status code unavailable.
text
boolean true

SSL Certificates from host tyrion.tradecentre.io
Subject Issuer
EMAILADDRESS=craig@lwl.com, CN=.tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AU EMAILADDRESS=craig@lwl.com, CN=.tradecentre.io, OU=Technology, O=LWL Pty Ltd, L=Perth, ST=Western Australia, C=AU

On 1 March 2015 at 10:26, Robert Munn <@Robert_Munn> wrote:
In my case I needed to import a self-signed cert manually because the name does not resolve correctly. I think that is a common enough problem that it would be useful for the import function to have a way to upload a cert file.

On Feb 26, 2015 8:32 AM, “Jamie Jackson” <@Jamie_Jackson> wrote:
Let’s not forget the cute GUI cert installer in the server admin: Server Admin > Services > SSL Certificates

(I only learned about it a couple days ago.)

On Monday, February 23, 2015 at 2:43:35 PM UTC-5, Robert Munn wrote:
The default keystore in Lucee is here:

./WEB-INF/lib/lucee-server/context/security/cacerts

You should not need to define it in CATALINA_OPTS. Just use keytool to import the certificates you need the application to trust.

On Feb 23, 2015, at 11:15 AM, Charles Heizer ceh...@gmail.com wrote:

Interesting. I did not try the cacerts file. In OpenBD, and this is not an OpenBD thing but via Tomcat I use the

CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStore=/path/to/certStore"

Is the cacerts different than the javax.net.ssl.trustStore?

Thanks,
Charlie

On Tuesday, February 17, 2015 at 11:19:36 AM UTC-8, Robert Munn wrote:
FYI, on a clean install on my dev system I had to import the self-signed SSL cert for my dev LDAP instance into the cacerts file that Lucee uses.

On Feb 17, 2015, at 11:08 AM, Robert Munn robert...@gmail.com wrote:

I am using cfldap with cfssl_basic and have no problems on Lucee.

On Feb 17, 2015, at 8:41 AM, Charles Heizer ceh...@gmail.com wrote:

Hello,
Is cfldap using secure functional? I’m trying a quick test which works in OpenBD but I keep getting a error saying “The Error Occurred in line 14” … secure=“CFSSL_BASIC”

Thanks,
Charles


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/29fa8ecd-d369-452d-8690-b7a513b0dc8a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5cc884e3-046f-4a58-90c3-a3c6648a45f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/5e3ebf6b-b101-4389-bd20-382a466cbf37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAE1_fB4_LmZDP9YZ2%2BMWrz1HGopy0U1d2x%2BDd5f3Fykf1PFFBg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

AJ Mercer
<webonix:net strength=“Industrial” /> | <webonix:org community=“Open” />
http://twitter.com/webonix


You received this message because you are subscribed to the Google Groups “Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAPURtC1x3ikgypmkXBOSxM66QC2TQNoeLJroHTQ4AKBk5UGjyw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.