cacert file not found on ColdFusion 9 - coldfusion

For my ColdFusion 8 server, I can see the cacerts file in the
following path: C:\ColdFusion8\runtime\jre\bin
However, the cacert file is not present on my ColdFusion 9 server at the same location.
I am trying to install a cert into the ColdFusion truststore by following the
following steps:
1) Run the command prompt as administrator on the ColdFusion server
2) Make a backup of the original cacerts file in case you run into issues
3) Change the directory to your truststore’s location (where cacerts file is located).
In our case: C:\ColdFusion8\runtime\jre\bin
4) Type this command (use current JVM and use current JVM’s keytool):
C:\ColdFusion8\runtime\jre\bin>keytool -import -v -alias exported -file C:\ColdFusion8\runtime\jre\lib\security\exported.cer -keystore cacerts -storepass changeit
5) Type yes at the prompt to “Trust this certificate?”
6) Restart the ColdFusion service. It will not read the updated cacerts file until you do this.
Is there something new for ColdFusion 9? I have successfully installed the certificate for ColdFusion 8 following the above steps. Please advise.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:
Server Configuration:
cf_root/runtime/jre/lib/security/cacerts
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/lib/security/cacerts
Sun JDK installation:
jdk_root/jre/lib/security/cacerts
You can verify the JRE that ColdFusion is using from the administrator under the 'System Information' page. Look for the Java Home line.

Related

WSO2 Identity Server ciphertool.bat script throwing an InvalidPathException

I am trying to run the ciphertool.bat script to encrypt strings in my WSO2 server. I am running the script with the -Dconfigure flag and receiving an InvalidPathException.
I have not edited the ciphertool.bat script, the cipher-text.properties or the cipher-tool.properties files.
I am running version 5.7.0 of WSO2 Identity Server on a Windows machine.
Command I am running and the console output
C:\Program Files\WSO2\Identity Server\5.7.0\bin>ciphertool.bat -Dconfigure
BUILD SUCCESSFUL
Total time: 7 seconds
Using CARBON_HOME: C:\Program Files\WSO2\Identity Server\5.7.0
Using JAVA_HOME: C:\Program Files\Java\jdk1.8.0_181
Exception in thread "main" java.nio.file.InvalidPathException: Illegal char <:> at index 45: C:\Program Files\WSO2\Identity Server\5.7.0\C:\Program Files\WSO2\Identity Server\5.7.0\/repository/resources/security/wso2carbon.jks
at sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
at sun.nio.fs.WindowsPath.parse(WindowsPath.java:94)
at sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:255)
at java.nio.file.Paths.get(Paths.java:84)
at org.wso2.ciphertool.utils.Utils.getConfigFilePath(Utils.java:98)
at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:289)
at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
I expect that script would run without errors, especially if I haven't edited anything, but it's throwing this exception. Any thoughts?
This issue has been identified and a PR has been sent here. Unfortunately, it's not merged yet.
As a quick fix, you can follow the steps below.
clone the repo
checkout to the branch "v1.0.0-wso2v8"
locally make the suggested fix in the PR
build the JAR
overwrite the <IS_HOME>/lib/org.wso2.ciphertool-1.0.0-wso2v8.jar with new JAR
try the ciphertool command
You can give the location of the keystore file as below in <PRODUCT_HOME>/repository/conf/carbon.xml file
<Location>${carbon.home}\repository\resources\security\wso2carbon.jks</Location>
(Please note the backslashes)
<KeyStore>
<!-- Keystore file location-->
<Location>${carbon.home}\repository\resources\security\wso2carbon.jks</Location>
<!-- Keystore type (JKS/PKCS12 etc.)-->
<Type>JKS</Type>
<!-- Keystore password-->
<Password svns:secretAlias="Carbon.Security.KeyStore.Password">password</Password>
<!-- Private Key alias-->
<KeyAlias>wso2carbon</KeyAlias>
<!-- Private Key password-->
<KeyPassword svns:secretAlias="Carbon.Security.KeyStore.KeyPassword">password</KeyPassword>
</KeyStore>
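Added example (not part of the original posts or of the WSO2 code base): the path in the exception is what results when CARBON_HOME is prefixed onto a keystore location that is already absolute, which puts the second drive colon at index 45. The resolve_keystore helper is a hypothetical illustration of joining only relative locations; it is not the change proposed in the PR mentioned above.

```python
from pathlib import PureWindowsPath

# Value copied from the console output in the question.
CARBON_HOME = r"C:\Program Files\WSO2\Identity Server\5.7.0"
# Keystore location as it appears in the exception, after ${carbon.home}
# has already been expanded to an absolute path.
EXPANDED_LOCATION = CARBON_HOME + r"\/repository/resources/security/wso2carbon.jks"


def naive_join(home: str, location: str) -> str:
    """Prefix the home directory unconditionally (reproduces the failing path)."""
    return home + "\\" + location


def second_colon_index(path: str) -> int:
    """Index of the first ':' after the drive-letter colon, or -1 if none."""
    return path.find(":", 2)


def resolve_keystore(home: str, location: str) -> PureWindowsPath:
    """Hypothetical helper: join only when the location is relative."""
    loc = PureWindowsPath(location)
    return loc if loc.is_absolute() else PureWindowsPath(home) / loc


if __name__ == "__main__":
    bad = naive_join(CARBON_HOME, EXPANDED_LOCATION)
    print(bad)
    print("illegal ':' at index", second_colon_index(bad))
    print(resolve_keystore(CARBON_HOME, EXPANDED_LOCATION))
```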

CentOS7 ccollab with perforce CL update issue

I can't get Code Collaborator to upload files for code review. I suspect I am missing some config. I have been scouring Perforce, SmartBear and Stack Overflow pages for a couple of hours now with no luck.
CENTOS7
p4 (can't seem to find the version)
Collaborator Enterprise v11.2.11200
My p4 works totally fine; I have been using it for months now to create CLs and submit. But now I need to upload files for code reviews.
Commands I ran to set up ccollab:
wget https://s3.amazonaws.com/downloads.smartbear/collaborator/11.2.11200/ccollab_client_11_2_11200_unix.sh
chmod +x ccollab_client_11_2_11200_unix.sh
./ccollab_client_11_2_11200_unix.sh
(went through install accepting entering as prompted)
ccollab login https://<codecollaborator_server> <username>
The above logs in fine, no errors.
ccollab --no-browser --scm perforce --server-proxy-host https://codecollaborator_server --p4user <username> --p4charset utf8 --p4client local_workspace_name --p4 /bin/p4 set
Then I try to upload a file:
ccollab --debug addchangelist new 123456789
and get the following output:
Connecting to server at https://
Connected to Collaborator Enterprise v11.2.11200
Connected as:
Attaching changelists to review
Auto-detecting SCM System for '/my/workspace/path'
Checking client configuration for '/my/workspace/path'.
ERROR: Could not configure SCM system:
SCM system could not be auto-detected, but there was an error: Cannot run program "accurev" (in directory "/my/workspace/path"): error=2, No such file or directory
I tried to find what the "accurev" package is or how to use it but no joy.
Accurev is a different source control system. Sounds like Code Collab doesn't know that it's supposed to be using Perforce?

WSO2 Identity Server SAML Error encrypting XMLObject at Example Travelocity

When setting in the sample app: Travelocity.properties
#Specify if SAMLAssertion element is encrypted
SAML.EnableAssertionEncryption=true
And also tick the Identity server configuration option:
Enable Assertion Encryption [ticked]
Certificate Alias: wso2carbon
I receive the following error at the server log:
Error at Log: 2015-05-05 15:56:10,282 Error encrypting XMLObject
Without the encryption feature enabled, the SAML authentication flow with the Travelocity sample code starts working.
Hints are welcome how to fix this issue.
Regards,
Claude
It seems like you are working on the installed java runtime for the first time. I am using ubuntu 14. The same problem came to me. For me it worked in the following way.
1. Download the respective files according to your runtime from here.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Extract the folder you downloaded. There will be two .jar files.
3. For Ubuntu you can run echo $JAVA_HOME to find the Java home. Copy the above jar files into {JAVA_HOME}/jre/lib/security. You may need sudo access depending on your JAVA_HOME location. If so, run the following from the location where you extracted the zip file.
cp local_policy.jar /{JAVA_HOME}/jre/lib/security
cp US_export_policy.jar /{JAVA_HOME}/jre/lib/security
There should be only one slash (/) at /{JAVA_HOME}.
4. Restart wso2 identity server again and retry the procedure to login to travelocity.com
Hope this will fix your issue.

"keytool error: java.io.IOException: Invalid keystore format"

I got a problem when I try to deploy the WSO2 EMM server.
In the doc https://docs.wso2.org/display/EMM101/iOS+Server+Configurations, step 7.b, when I try to execute this command:
keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
I got this error message:
"keytool error: java.io.IOException: Invalid keystore format"
Looks like the wso2mobilemdm.jks is corrupt? I copied the wso2mobilemdm.jks from the binary package
"wso2mobileserver-1.0.1\repository\resources\security\wso2mobilemdm.jks"
Anything wrong?
This problem happened to me also. The reason in my case was that the keystore was created using a different JDK, i.e. Oracle JDK, and I was trying to open it with the keytool command available in IBM's JDK. Once I tried with Oracle JDK it worked.
That is because you are entering a wrong password. Just delete that file and execute this command again. It will create a new wso2mobilemdm.jks. Enter your passwords there. Also import the ra.p12 to the same keystore file you just created. There is no harm doing this since wso2mobilemdm.jks only will contain ca and ra entries.
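Added example (not from the original posts): a header check that classifies a keystore file by its leading bytes, so a JKS file can be told apart from a PKCS12, JCEKS, PEM or truncated file before keytool is run against it. The sample byte strings are constructed, and the PKCS12 test is a heuristic.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # header of a Sun/Oracle JKS keystore
JCEKS_MAGIC = 0xCECECECE  # header of a SunJCE JCEKS keystore


def keystore_format(data: bytes) -> str:
    """Classify a keystore by its first bytes; no password is needed."""
    if len(data) < 8:
        return "empty or truncated"
    magic, version = struct.unpack(">II", data[:8])
    if magic == JKS_MAGIC:
        # JKS files carry format version 1 or 2 right after the magic number.
        return "JKS" if version in (1, 2) else "JKS magic, unexpected version"
    if magic == JCEKS_MAGIC:
        return "JCEKS"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM text, not a keystore"
    if data[0] == 0x30 and b"\x02\x01\x03" in data[1:10]:
        # Heuristic: PKCS#12 is a DER SEQUENCE whose first field is INTEGER 3.
        return "PKCS12"
    return "unknown"


def check_file(path: str) -> str:
    """Read only the header of a file on disk and classify it."""
    with open(path, "rb") as fh:
        return keystore_format(fh.read(64))


# Constructed sample headers (not taken from any real keystore).
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 0)      # version 2, zero entries
SAMPLE_P12 = bytes.fromhex("3082090a020103308208c4")   # SEQUENCE, INTEGER 3
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...\n"
SAMPLE_BAD = b"\x00" * 16                              # e.g. a zero-filled copy

if __name__ == "__main__":
    for name in ("SAMPLE_JKS", "SAMPLE_P12", "SAMPLE_PEM", "SAMPLE_BAD"):
        print(name, "->", keystore_format(globals()[name]))
```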

Import Certificate for ColdFusion10

Trying to do a certificate import into the cacerts store in ColdFusion10. I am able to run these commands and get the .cer file to import using these commands.
Manually import a certificate
Go to a page on the SSL server in question.
Double-click the lock icon. Click the Details tab. Click Copy To File. Select the base64 option and save the file. Copy the CER file into C:\ColdFusion9\runtime\jre\lib\security (or whichever JRE ColdFusion is using). Run the following command in the same directory
keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
But when I try and do a cfhttp call it fails. I suspect that I am saving the certificate in the wrong format.
I am using X.509 .der which is the recommended format. Is this the same as base64? Does anyone know the documentation for this on CF10? I did this successfully on CF9 but it does not seem to work on CF10.
I would suggest using Certman from riaforge just to ensure that everything is being imported correctly
http://certman.riaforge.org/
Are you sure that the import worked? Whenever I have imported certificates in the past (using CF9) I needed to supply the password for the cacerts keystore. I do not see that in your posted example. The command to import should be something like this:
keytool -import -v -alias giveUniqueName -file filename.cer -keystore cacerts -storepass thePassword
Here is the command line to verify an imported certificate:
keytool -list -v -keystore cacerts -alias giveUniqueName -storepass thePassword
I did not include the password here but am pretty sure you can Google it. If not, send me a message and I can give it to you.
And yes, I always export the certificate in DER format as well. That should work.
Also, you may need to supply pathing information depending on where you run the keytool commands from and where your certificate file resides.
Another note, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.
Oh - and you have to restart ColdFusion after making the import.
UPDATE FOR CF10
I found a forum discussion (here) talking about installing certificates on CF10. The keytool commands appear to be slightly different in their example. In case it is a bit different than CF9, here is what they said:
keytool -importcert -alias giveUniqueName -trustcacerts -file filename.cer -keystore cacerts -storepass thePassword
Trust this certificate? [no]: y
It looks like the verification command line has not changed.
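Added example (not from the original posts): the DER and base64 exports are two encodings of the same certificate bytes, and keytool reads either one. This sketch detects which encoding a .cer file uses, normalises it to DER, and prints the fingerprint in the colon-separated form that keytool -list -v shows, so the imported alias can be compared against the exported file. The sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def cert_encoding(data: bytes) -> str:
    """Return 'PEM' (base64 text), 'DER' (binary) or 'unknown'."""
    if PEM_RE.search(data):
        return "PEM"
    # A DER certificate is an ASN.1 SEQUENCE: tag 0x30 followed by a length.
    if len(data) > 4 and data[0] == 0x30:
        return "DER"
    return "unknown"


def to_der(data: bytes) -> bytes:
    """Normalise either export format to the raw DER bytes."""
    kind = cert_encoding(data)
    if kind == "PEM":
        body = PEM_RE.search(data).group(1)
        return base64.b64decode(b"".join(body.split()), validate=True)
    if kind == "DER":
        return data
    raise ValueError("not a DER or PEM certificate file")


def keytool_fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Fingerprint in the upper-case, colon-separated form keytool prints."""
    digest = hashlib.new(algo, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed placeholder bytes (not a real certificate), in both encodings.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for sample in (SAMPLE_DER, SAMPLE_PEM):
        print(cert_encoding(sample), keytool_fingerprint(sample))
```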