Skip to main content

Importing SSL certs to Coldfusion Railo OR Lucee keystore

If you are having the below error:
Railo 3.3.4.003 Error (javax.net.ssl.SSLHandshakeException)
Messagesun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Causejavax.net.ssl.SSLHandshakeException


This means you are trying to invoke an https webservice. to invoke an SSL webserver you need to import the certificate into Railo by using keytool command. Below are the steps on how to do this:

1- use fire fox to open the webservice and click on the padlock as shown on the below image:

2-Click on more information as below:
 3- Click on View Certificate as below:
4-Click on details as below:
 5- Now export the certificate and save it to your computer with .cer extension.

6- Search in railo folder for the keytool command location, in my case it was under railo\jdk\bin

7-  Search in railo folder for the cacerts location, in my case it was under railo\lib\railo-server\context\sec
urity\cacerts

8- Now run the command as below:

RAILO
d:\railo\jdk\bin>keytool -import -keystore D:\railo\lib\railo-server\context\security\cacerts -alias xyz  -file d:\mcjvaplng.cer -storepass changeit -noprompt
 LUCEE
d:\lucee\jdk\bin>keytool -import -keystore D:\lucee\lib\lucee-server\context\security\cacerts -alias xyz  -file d:\certificatename.cer -storepass changeit -noprompt
You will see a message saying:

Certificate was added to keystore


Restart railo/lucee service and your done.

9- If you want to remove unused or unneeded certificate please run the below command:


D:\railo\jdk\bin>keytool -delete -keystore D:\railo\lib\railo-server\context\security\cacerts -alias xyz -storepass changeit

Copying the content and posting it in another blog is strictly prohibited.
Labels:

Comments

  1. Hatem Jaber22 August 2014 at 06:08

    I used the same exact thing on linux and it worked. I didn't have to navigate to the bin directory either, i just typed the word keytool and it worked from the home directory.

    ReplyDelete
  2. Anonymous5 May 2016 at 23:18

    Thank You very much for creation such page. It really helped.

    ReplyDelete
  3. Tim11 March 2020 at 09:54

    For anyone who has to do SSL Certificate integration with Lucee. 

    This solution worked for me. I did not know Lucee had a SSL Certificate installation tool. In my case I am setting up Authorize.net.

    To resolve the issue in Lucee please do the following:

    Log into the Administrator for Server (not Web).

    Go to SSL Certificates under Services.

    Under Host enter entrust.net and click install. 
    Everything suddenly started working for me.  

    I believe that this tool installs the certificate into the JRE for Lucee.  Windows installation of those certificates doesn't do that apparently.  

    My verbose response is in hopes search engines will pick up on this and help others.  Errors I ran into included:

    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target,

    truststore, keystore, cacerts

    I was tring to install ssl certificates on Windows.

    ReplyDelete
  4. Duluth Gay Asians30 December 2024 at 18:08

    Hi thhanks for posting this

    ReplyDelete

Post a Comment

Popular posts from this blog

Top Google Adsense Alternatives

Google Adsense is a web tool that allows publishers in the Google Network of content sites to automatically serve text, image, video, and rich media adverts that are targeted to site content and audience. These adverts are administered, sorted, and maintained by Google, and they can generate revenue on either a per-click or per-impression basis.  Google servers advertisers using google adwords platform, while adsense is the publishers platform. Google Adsense is the top Ad Publishers platform over the web ranking number one in web advertising industry. Adsense offers contextual advertisements that covers web sites, blogs, games, videos, mobile browsing etc. What made Google Adsense no. 1 is the reliability, stability, variety of services and large number of publishers including google it self. Also google has a fair platform that detects invalid clicks so google successfully protects its advertisers and also offers its best publishers top CPC. Two reasons are behin...
11 comments
Read more

The Semantic Web

Semantic Web aims to create a meaning and define inter-relationship for information available on the web In the early stages of the World Wide Web (web) it was necessary to develop standards to view web content (HTML language) and to create communication channels (N-Tier applications, email, ftp, etc.). As the web started to be the world’s largest knowledge base, accessible world wide, it became important to develop tools to transfer knowledge between cultures. However, it is still not possible for applications and agents to interoperate with other applications and agents without having a predefined, human created common framework of the meaning of the information being transferred on both sides. Semantic Web (SW) alleviates this problem by providing a common framework that allows data to be shared and reused across application, enterprise, and community boundaries [W3C Semantic Web, 2019]. A clear example on SW application is schema.org. Google, Bing, Yahoo use schema...
Post a Comment
Read more

Google Analytics on Refined Wiki Mobile Theme

Tracking mobile users on Confluence while using Refinedwiki mobile theme is not possible or straightforward using theme configuration. I found a work around that will track users on Google Analytics smoothly. Please follow the below steps: Create a js file, call is analytics.js with the analytics script code, it should look something similar to the below:   (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){   (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),   m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)   })(window,document,'script','//www.google-analytics.com/analytics.js','ga');   ga('create', ' UA-XXXXXX ', 'auto');   ga('set', 'userId',AJS.Data.get("remote-user")); // Set the user ID using signed-in user_id.    ga('send', 'pageview'); Save your script on confluence server confluenceInstall...
1 comment
Read more