We have a webserver connected to an old database. The old database server is end of life. When we set that up we did not need a secure connection. Now we have a new database on a new database server. Our IT department is requiring this to be a secure connection (even though it's an intranet).
Using ColdFusion Administrator I tried simply editing the URL of the server, but I get this error:
Connection verification failed for data source: xxxxxxxx
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer
JDBC Driver]The SQL Server login requires an SSL connection. The root
cause was that: java.sql.SQLNonTransientConnectionException:
[Macromedia][SQLServer JDBC Driver]The SQL Server login requires an
SSL connection.
That's when I heard from my IT people that it needs to be a secure connection.
I have no idea how to do that, and Google didn't offer me any help, probably because I don't know what to search for.
Could one of you wonderful people please offer a suggestion on how to create a secure connection from ColdFusion Administrator 10 to MS SQL 2008?
Thank you
Related
I have set up SQL network encryption using the server manager using below steps:
Select certificate
Set force encryption to true
Restart server
From my C++ client application, I am able to establish association and also using Wireshark was able to verify that it is encrypted. I used SQL Server driver.
One surprise was that I didn’t have the certificate installed in my client.
Now I use ODBC driver and as expected it throws up validation error for certificate chain.
Why does SQL server driver not throw certificate chain error? How does it establish encrypted association even when client does not have certificate?
Additionally, just noticed that for SQL Driver, network encryption happens based on the Force encryption flag set at server side. While for ODBC driver it seems to be based on what is set in connection string. Can someone correct me?
I'm new to this online server area, all I've done so far is create a server on Digital Ocean using Ubuntu 20.04 operating system with LAMP library (apache2) installed.
Currently I use Putty to access the server's command line (I use private key ssh authentication files).
When I put the domain URL or IP, enter port 22, and click "Open connection", the application automatically manages to connect to the server asking for login and password.
Pretty simple isn't it? My concern is that anyone who has the least knowledge can come across the gateway to my server, just that he has the login and password to access.
But when I try to connect with putty on sites like stackoverflow.com, google.com, facebook.com and among others, putty doesn't give me the opportunity to type the login.
Knowing this, how do I secure my server so that it can act in the same way as the aforementioned sites?
You could add some sort of VPN and whitelist a select amount of IP addresses able to access your server. This would add an extra layer of security.
I am trying to establish a connection to a database in my C++ code; however, I am unsure how to do so. My database is Azure SQL which uses microsoft sql server as the backend. Could someone provide me a website or code that executes the connection with the server name, database name, username, and pass?
Thank you
To find the connection string, first login to Azure portal, then click your database > Show database connection strings, and you'll see the connection strings for ADO.NET, ODBC, PHP, JDBC.
For c++ code sample of connecting to Azure SQL Database, you can refer to this article https://msdn.microsoft.com/en-us/magazine/dn630643.aspx , use the ODBC connection string of your database.
CF9
Exchange server 2007 (hosted)
I am trying to add a calendar event for a user on our hosted exchange server. I'm getting the error ;
Unable to connect to the Exchange server using HTTP/HTTPS protocol.
HTTP response code : 400
The code is;
<cfexchangeCalendar action="Create"
username="EXCH016\ron_domain"
password="password"
mailboxname="ron"
server="https://owa016.msoutlookonline.net/owa"
Protocol="https"
formbasedauthentication=true
formbasedauthenticationURL="https://owa016.msoutlookonline.net/owa/auth/owaauth.dll"
Event="#sEvent#"
result="theUID">
#theUID#<br>
I know I can contact the server using the following;
<cfhttp URL='https://owa016.msoutlookonline.net/owa' result='res' >
<cfdump var="#res#">
<cfoutput>#res.filecontent#</cfoutput>
I get the form that requests email address and password.
I've been working on this problem for some time now. I can go to the owa page via browser and log in. At this point I'm at a loss on how to debug the problem.
I have had the same type of problem in the past, when one of my customers went from Privately Hosted and Run vs Hosted Solutions.
Although, I never used the formbasedauthentication method when authenticating, maybe this bypasses some of my issues.
The big thing we had issues with is that most Providers don't all WebDav access on their servers.
Since you are getting a 400, bad request, this is what I would look for first.
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=cfexchange_3.html talks about what CF needs to connect to Exchange, maybe see if the support staff can confirm the setup.
Since you are using HTTPS, have you added the Cert into the JRE cert Store?
Sorry this probably isn't much help, but I hope it helps.
I have ColdFusion 9 installed on my system.
I need to read data from an SSL encrypted site (https). I have followed all the steps described in CF documentation.
That is:
Go to a page on the SSL server in question.
Double-click the lock icon.
Click the Details tab.
Click Copy To File.
Select the base64 option and save the file.
Copy the CER file into C:\ColdFusion8\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):
keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
In CMD, it showed "certificate was added successfully"
But it is still showing the same error peer not authenticated.
Is there anything more required?
If you are trying to call web services in CF 11 (and maybe 10 but check that yourself), CF expects the web service or any CFHTTP call to use the WebSocket Service and port 8577 in a standard setup. This is because the WebSocket Services have been optimized for web services and CFHTTP also uses WebService Sockets.
I run CF 11 on my IIS server and port 8577 is blocked by a firewall. When I tried to connect, it sends back this error for CFHTTP and web services:
"I/O Exception: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"
It would seem like it requires adding custom certificates to the CACERT for JRE, but that is not the solution for me.
There is a simple fix to get this running with IIS (at least IIS) if you do not want to unblock the WebSocket Service and you don't need that performance to run natively. All you have to do is go in to the CF Admin dashboard and change the WebSocket Service to "Use Proxy". This will send all calls to the CF WebSocket Service or CFHTTP through IIS as a proxy. Restart the CF Application Server service and it should work just fine. If these directions are not perfect I apologize but it will lead you to get it working. See also Using WebSocket with ColdFusion 11.
Although the documentation doesn't specifically mention it, restarting the ColdFusion service is required. If you haven't already, that should be the first thing you try.