I've run into this and the scenario is as Steve explained. Short of shelling out to curl, which has an option to ignore certificate errors, I never found a good CF solution. There used to be a custom tag CFHTTP5 that had a lot of great options - when I googled for it to answer your post I found this posting from Ray C that shows a possible CF work-around for the problem: http://www.raymondcamden.com/index.cfm/2011/1/12/Diagnosing-a-CFHTTP-i ssue--peer-not-authenticated
-reed