I was recently working on an ecommerce site which uses Payflow Pro to process credit card transactions. Well, Verisign was recently acquired by PayPal, and the URL of the transaction approval service was changed as of September 1, 2009. Our online store stopped working! When I changed the URL for the CFHTTP connection to the new PayPal URL and tested it, boom! crash! the connection failed! "What is going on here, PayPal?" I shouted at my computer. The strange thing was that I could run a test script on my localhost with no problems, but when I put the test script onto our production server, it failed to connect.
After searching high and low for answers, the problem basically (I'm pretty sure) had to do with different versions of ColdFusion: My localhost is running ColdFusion 8, and the server is running ColdFusion MX (7). CFMX 7's Java keystore did not trust PayPal's new SSL certificate, and therefore my CFHTTP connection to it would fail to authenticate.
The answer to my prayers turned out to be a modified version of one of Steven Erat's blog posts from 2004! Details are below. I grudgingly followed along his step-by-step instructions, using his handy batch files for Windows, but I kept running into issues. It turns out that because the system path to my Java install directory has spaces in it ("C:\Program Files", etc), and because MSDOS is dumb, I had to rewrite large chunks of the batch files to allow for the Java install path. After plugging in all the correct path values, voila! My test script containing the CFHTTP post to the PayFlow Pro address suddenly began working again!
After some serious hoop-jumping, my problem was solved. I celebrated by having a delicious macchiato and reflecting on all I had learned that day.
Here is a modified version of what I did to solve my issue (taken from Steven Erat's blog):
Exporting the SSL certificate (on Windows)
- Browse to the SSL website
- Double click the Lock icon in the status bar
- Click "View Certificate"
- Click the Details Tab
- Click the "Export" button
- Choose the first option (default) for X.509 (".cer" file format)
- Browse to C:\
- Type any filename for the certificate, such as mycert.cer
- Click Save
Using the keytool to import a certificate
[...]
- Move the mycert.cer file from C:\ to C:\[JAVA_HOME_DIR]\jre6\lib\security\
- Rename C:\[JAVA_HOME_DIR]\jre\lib\security\cacerts to C:\[JAVA_HOME_DIR]\jre6\lib\security\cacerts_orig
- Copy C:\CFusionMX\runtime\jre\lib\security\cacerts to C:\[JAVA_HOME_DIR]\jre6\lib\security\cacerts
- Unzip the zipped bat files anywhere on the system
- Edit each of the *.bat files that were unpacked
- Change bat file JAVA_HOME as needed. Note: I had to change large portions of the bat files due to spaces in my system path
- Change certificate name and certificate alias
- Save bat files
- Double click the import bat file to import the certificate into the keystore
- Double click the list bat file and read the output file to confirm that the certificate was imported
- Copy C:\[JAVA_HOME_DIR]\jre\lib\security\cacerts to C:\CFusionMX\runtime\jre\lib\security\cacerts
- Restart ColdFusion Server
Several of the steps above are slightly different from Steven's original 2004 post. I have italicized the differences.
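The import and list steps above, as an added example batch file (this is not one of Steven Erat's batch files and not the ones used in this post). Every path is quoted so that a Java directory containing spaces works. The Java path is a placeholder, and the `jre\lib\security` layout, the `mycert` alias and the default `changeit` keystore password are assumptions to adjust. It prints the certificate's fingerprints first, so they can be compared with a value obtained from the site owner before the certificate is trusted.

```bat
@echo off
setlocal
rem Added example: values below are assumptions, adjust before running.
rem Placeholder path: replace with the real Java install directory.
set "JAVA_HOME=C:\Program Files\Java\REPLACE_ME"
set "SEC_DIR=%JAVA_HOME%\jre\lib\security"
set "KEYTOOL=%JAVA_HOME%\bin\keytool.exe"
set "CERT=%SEC_DIR%\mycert.cer"
set "ALIAS=mycert"
rem "changeit" is the default cacerts password; change it if yours differs.
set "STOREPASS=changeit"

rem Quoting "%VAR%" everywhere is what makes paths with spaces work.
if not exist "%KEYTOOL%" (echo keytool not found at "%KEYTOOL%" & exit /b 1)
if not exist "%CERT%" (echo certificate not found at "%CERT%" & exit /b 1)

rem 1. Show subject, issuer, validity dates and fingerprints of the file.
"%KEYTOOL%" -printcert -file "%CERT%"
echo.
set /p OK=Do the fingerprints match the value from the site owner? (y/n) 
if /i not "%OK%"=="y" (echo Aborted, nothing imported. & exit /b 1)

rem 2. Keep a backup of the keystore that is about to be modified.
if not exist "%SEC_DIR%\cacerts.bak" copy "%SEC_DIR%\cacerts" "%SEC_DIR%\cacerts.bak" >nul

rem 3. Import the certificate as a trusted entry under the chosen alias.
rem    keytool shows the certificate again and asks for confirmation.
"%KEYTOOL%" -import -trustcacerts -alias "%ALIAS%" -file "%CERT%" -keystore "%SEC_DIR%\cacerts" -storepass "%STOREPASS%"
if errorlevel 1 (echo Import failed, keystore left as it was. & exit /b 1)

rem 4. Write the imported entry to a file next to this script to confirm it.
"%KEYTOOL%" -list -v -alias "%ALIAS%" -keystore "%SEC_DIR%\cacerts" -storepass "%STOREPASS%" > "%~dp0keystore_list.txt"
if errorlevel 1 (echo Alias "%ALIAS%" not found after import. & exit /b 1)
echo Import confirmed, see "%~dp0keystore_list.txt"
endlocal
```

The certificate imported here is trusted only until it is replaced or expires, so the validity dates printed in step 1 indicate when the import has to be repeated.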