I have an app on a CF 8.01 server that uses CFHTTP to call the Google AdWords SOAP API via SSL. It recently started throwing errors on the CFHTTP calls, apaprently due to a bad cert for the adwords site - The ErrorDetail in the CFHTTP results is "I/O Exception: Name in certificate 'google.com' does not match host name 'adwords.google.com'"
In the past when I've had an error like this, all I needed to do was to browse to the WSDL URL for the SOAP service, download the new DER format cert, run keytool to import it, restart, and that was that. I did that this time, and it didn't change the error. The results of the keytool import were successful - I can do a -list and see the new cert info. I also made sure to restart CF after each keytool import.
I have another server that is running CF9, and when I move my code over to it, it runs just fine, so I figured it must have a more recent certstore. but when I dump it's certstore with -list and look, there are no certs in it for any google.com URLs. Unfortunately, there are other parts of this app that make moving/upgrading that system from CF8 to CF9 difficult at the moment.
Anyone think of other possible reasons for this? The adwords WSDL URL is:
https://adwords.google.com/api/adwords/cm/v201302/CampaignService?wsdl
If I try to re-import the cert, using a different alias, it tells me that it already exists, and shows me the alias name that I had used previously. Here is the keytool cmd I am using (retyped from the command prompt window):
c:\ColdFusion8\runtime\jre\bin>keytool -import -v -alias adwords201302 -file H:adwords-google-com-201302.der -keystore c:\coldfusion8\runtime\jre\lib\security\cacerts -storepass changeit
when it asks if I want to import, I type "yes"
thanks for any ideas!
Reed