Remote API & Self Signed SSL certs

  • ChrisBlackwell
  • 06/20/07
  • Offline
Posted: Tue, 2005-12-06 12:10

Just wanted to share some experiences trying to use the remote api from within Coldfusion MX7.

I tried to make http calls to the api cgi script but kept getting the error "ErrorDetail I/O Exception: peer not authenticated". After a bit of googling it turns out this is a java security issue to do with unrecognised ssl certs.

Because the ssl cert that webmin uses is self signed it needs to be added to Java's keystore, i found a very useful document on how to do it[a href="http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool">here</a>

This means if you have multiple virtualmin servers you will need to import the certificate for each in order to use the API. I dont know whether this is possible, but if Virtualmin.com setup a CA, then couldn't the install script get a certificate from it? At least then you would only need to import the the root CA cert, and not one for every server... or am i wrong on this, certificates arent my strong point :D

These issues will apply to CFMX, CFMX7 and any J2EE or jsp applications. I'm not sure if problems like this occur in .net/asp/php, but if they do the solution will be similar.