ColdFusion, SSL, SNI, SAN and Wildcards - Stuff You Need to Know
The Muse welcomes back his friend and colleague (and super genius guru) Wil Genovese with an timely post on SSL and Certificate types. If you have had your head in the ground (or perhaps you have been guest staring on "Naked and Afraid" or "Survivor") you may have missed the hubbub surrounding TLS, SSL and changes and support. There is a lot going on and it is more important than ever that you get your hands around the issue to keep your users safe. Wil has done Yeomen's work identifying the types of certs, the versions of ColdFusion and Java that support them, and work arounds and caveats for those of you who need them. You will likely want to bookmark this one. Take it away Wil.
Read More2 Comments
-
In case it helps anyone else. We were trying to connect to api.dnsimple.com which appears to use a SNI cert.
We had to upgrade our CF9 install to 9.0.2, CHF1, and switch to JRE7.
We also imported the DNSimple cert into the keystore.
All now working. -
In an attempt to get scheduled tasks on a CF11 server working again via https with a SSL wildcard cert, I added
-Djsse.enableSNIExtension=false"
to my jvm.config, just as indicated, and of course the server wouldn't restart. After removing it, and a face palm, I realized that the trailing quotation mark isn't meant to be there.
Unfortunately, I'm still getting the Connection Failure error after correctly adding the setting.
Sites to Watch
Aggregators
RSS
Related Blog Entries