Error: CERT_UNTRUSTED, Error with the request: CERT_UNTRUSTED, INVALID_CERT
In the beginning, most of my time in CFML was spent on a particular SSL issue called "INVALID CERT or CERT UNTRUSTED". When making web API calls, it is often found to be "an issue (only) in CFML" because the same web API (service) will work on every other platform, such as Postman, DOTNET and other languages.
This error happens for quite a few reasons. I mostly got it around these two:
From the client side, they would claim the SSL is fine because it is working with every other vendor's systems, and surprisingly they are right, because the API would still be functional even in Postman.
Needless to say, CFML is like a wrapper around Java, so the underlying world of CFML is Java. In other words, as in DOTNET, you can think of the CFML assembly as being of Java type. So basically, in Java there is a cert store, and for any web API call to work through certain CFML tags, the API's cert needs to be registered in the Java cert store.
Sometimes the network team would say they have already registered the cert of that particular URL.
But the fact is that the error might be coming from one of the chained certs. So it is necessary to have all the certs in the chain registered in the Java cert store.
How to register an SSL cert in the Java cert store from CFML
You can't do it directly. You need the network team's help to do so. They will use a bunch of Java util commands to get this done.
So what if we know those Java util commands? Can we do it from CFML? "Yep".
We can, but not directly. We can use "CFEXECUTE" to fire up a NodeJS file, which will fire up those Java util commands.
But it's not only about firing a command. It's also about pulling the cert from the URL. That's the interesting part.
The network team can do this manually by pulling the cert out of the URL using the browser lock icon (you can see it near the SSL URL in your browser).
The idea goes like this:
1. Use CFML to pull the SSL cert (including the chained certs).
2. CFEXECUTE NodeJS to fire up the required Java commands to register those chained certs.
3. Use CFML (CFIDE commands) to restart the CFML service.
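
Steps 1 and 2 sketched in NodeJS, as an added example that is not the author's code: it walks the whole chain a server presents and builds one import command per cert, with each SHA-256 fingerprint listed so it can be checked before anything is trusted. Assumptions: the "Java util command" is `keytool`, the chain is pulled from NodeJS rather than CFML, and the alias prefix, keystore path and store password are placeholders.

```javascript
// Added example (not the author's code); alias prefix, keystore path and password are placeholders.
// getPeerCertificate(true) links leaf -> intermediate(s) -> root via issuerCertificate;
// a self-signed root links to itself, so stop when a fingerprint repeats.
function chainFromPeerCert(leaf) {
  const chain = [], seen = new Set();
  for (let c = leaf; c && c.raw && !seen.has(c.fingerprint256); c = c.issuerCertificate) {
    seen.add(c.fingerprint256);
    chain.push(c);
  }
  return chain;
}

// DER bytes -> PEM text, the format keytool reads with -file.
function toPem(raw) {
  const b64 = (raw.toString('base64').match(/.{1,64}/g) || []).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${b64}\n-----END CERTIFICATE-----\n`;
}

// One keytool import per chain entry; args is an argv array for execFile (no shell parsing).
function importPlan(leaf, aliasPrefix, keystore, storepass) {
  return chainFromPeerCert(leaf).map((c, i) => ({
    alias: `${aliasPrefix}-${i}`,
    subject: c.subject ? c.subject.CN : undefined,
    sha256: c.fingerprint256, // compare out of band before importing
    pem: toPem(c.raw),
    args: ['-importcert', '-noprompt', '-alias', `${aliasPrefix}-${i}`,
      '-file', `${aliasPrefix}-${i}.pem`, '-keystore', keystore, '-storepass', storepass],
  }));
}

// Live fetch (not run here); Node's own verification stays on, so a chain Node rejects is never planned.
async function fetchLeaf(host, port = 443) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const s = tls.connect({ host, port, servername: host }, () => {
      resolve(s.getPeerCertificate(true));
      s.end();
    });
    s.on('error', reject);
  });
}

// Constructed sample (not real certificates), shaped like Node's certificate objects.
const ROOT = { raw: Buffer.from('root-der'), fingerprint256: 'CC:03', subject: { CN: 'Example Root' } };
ROOT.issuerCertificate = ROOT;
const MID = { raw: Buffer.from('mid-der'), fingerprint256: 'BB:02', subject: { CN: 'Example Intermediate' }, issuerCertificate: ROOT };
const SAMPLE_LEAF = { raw: Buffer.from('leaf-der'), fingerprint256: 'AA:01', subject: { CN: 'api.example.test' }, issuerCertificate: MID };
for (const p of importPlan(SAMPLE_LEAF, 'api', '/path/to/cacerts', 'changeit')) console.log(p.alias, p.subject, p.sha256);
```

Against a live host, pass the result of `fetchLeaf(host)` to `importPlan`, write each `pem` to its file, and run `keytool` with the matching `args`.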