When working with CFHTTP and calling URLs that are secured with SSL (HTTPS) you may receive the error:
I/O Exception: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)This is likely due to ColdFusion/JAVA not having the certificate within its trust store of SSL certificates.
There are two options on resolving this issue.
Using ColdFusion Admin CF-CertMan
If you have installed the ColdFusion CF-CertMan script to your ColdFusion administrator you can use the following steps to add an SSL certificate:
- Download the domain SSL certificate you are calling within your CFHTTP. Click here for a useful how-to guide on doing this.
- Login to your ColdFusion Administrator and click on the menu item listed as "Certificate Management" under the tab 'SSL CERTIFICATES'
- You will now see an option to upload the SSL certificate in the main screen.
- Complete the form with a unique name of the SSL (recommend using the current date + domain name), you can add the SSL certificate file downloaded in step 1 and click Add Certificate.
- You will then need to restart the ColdFusion service.
Using SSH
To resolve this following the below steps (based on Linux CentOS commands):
- Download the domain SSL certificate you are calling within your CFHTTP. Click here for a useful how-to guide on doing this.
- Using FileZilla or any FTP program upload your saved certificate to the server in an easy to remember location.
- Change to the directory that contains the JAVA version you are using as shown below:
cd /usr/java/jdk1.8.0_66/bin - You will be using the 'keytool' commands to import your certificate and apply it. Below is an example, we will go through each command element further below:
keytool -import -v -alias your-saved-cert -file /your-saved-cert.cer -keystore /usr/java/jdk1.8.0_66/jre/lib/security/cacerts -storepass changeit - Next you will need to restart ColdFusion services to apply the changes fully.
So now we will go through some of the elements of the 'keytool' command that you ran.
- -alias your-saved-cert
This alias will be a unique name you need to provide so it can be referenced by yourself and JAVA - -file /your-saved-cert.cer
This tells the keytool where your file is located on the server, in the above example the file 'your-saved-cert.cer' is located in the root of the server - -keystore /usr/java/jdk1.8.0_66/jre/lib/security/cacerts
The keystore option is the location of the cacerts file that will store the references of your certificate - -storepass changeit
The storepass is the password of your JAVA store on your server, by default it is 'changeit'
Other
You can find the latest Adobe documentation for importing SSL certificates at: https://helpx.adobe.com/coldfusion/kb/import-certificates-certificate-stores-coldfusion.html
