21

我有一个 API 在我的两台 Web 服务器之一上运行良好,但在另一台或本地计算机上运行良好,相反,当我在登录过程中发送 https 请求时出现连接失败。

这些请求非常简单,并且可以在运行它的三台服务器之一上正常运行。第一个如下:

<cfhttp url="https://accounts.ea.com/connect/auth?response_type=code&client_id=EASFC-web&state=59c5a8f1c4e7a991c1da0b54504c38e45f4d8d78&redirect_uri=http%3A%2F%2Fwww.easports.com%2Ffifa%2Ffootball-club%2Flogin_check&locale=uk&scope=basic.identity+basic.persona+signin+offline " method="GET" result="Stage2" redirect="false">
    <cfhttpparam type="header" name="Accept" value="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" />
    <cfhttpparam type="header" name="Accept-Encoding" value="gzip, deflate" />
    <cfhttpparam type="header" name="Accept-Language" value="en-US, en;q=0.5" />
    <cfhttpparam type="header" name="Connection" value="keep-alive" />
    <cfhttpparam type="header" name="Host" value="accounts.ea.com" />
    <cfhttpparam type="header" name="User-Agent" value="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" />
</cfhttp>

我看过了,这似乎是一个常见问题,但这个修复并没有带来任何乐趣。

我假设我可能忽略了一些安全设置?如果有帮助,我可以在本地计算机上的浏览器中点击该页面并登录。

有人有建议吗?

这是 CFDUMP 中返回的内容:

Debugging Information 
ColdFusion Server Developer 9,0,0,251028
Template    /CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm
Time Stamp  09-Dec-13 11:40 AM
Locale  English (UK)
User Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Remote IP   127.0.0.1
Host Name   127.0.0.1
________________________________________
Execution Time
Total Time  Avg Time    Count   Template
608 ms  608 ms  1   C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\logInSearchAccount17.cfm
5 ms    5 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\Application.cfc | onRequestStart(/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\Application.cfc
1 ms    1 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Player.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Player.cfc
0 ms    0 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Bid.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Bid.cfc
0 ms    0 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Club.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Club.cfc
0 ms    0 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Connect.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Connect.cfc
0 ms    0 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Search.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\Search.cfc
0 ms    0 ms    1   CFC[ C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\doLogin.cfc | init([complex value]) ] from C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\cfcs\doLogin.cfc
4 ms        STARTUP, PARSING, COMPILING, LOADING, & SHUTDOWN
617 ms      TOTAL EXECUTION TIME
red = over 250 ms average execution time 
________________________________________
Scope Variables
CGI Variables:
AUTH_PASSWORD=
AUTH_TYPE=
AUTH_USER=
CERT_COOKIE=
CERT_FLAGS=
CERT_ISSUER=
CERT_KEYSIZE=
CERT_SECRETKEYSIZE=
CERT_SERIALNUMBER=
CERT_SERVER_ISSUER=
CERT_SERVER_SUBJECT=
CERT_SUBJECT=
CF_TEMPLATE_PATH=C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\logInSearchAccount17.cfm
CONTENT_LENGTH=
CONTENT_TYPE=
CONTEXT_PATH=
GATEWAY_INTERFACE=
HTTPS=
HTTPS_KEYSIZE=
HTTPS_SECRETKEYSIZE=
HTTPS_SERVER_ISSUER=
HTTPS_SERVER_SUBJECT=
HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING=gzip, deflate
HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5
HTTP_CONNECTION=keep-alive
HTTP_COOKIE=cf_debug_general=block; cf_debug_template_stack=block; CFID=15108; CFTOKEN=12249080; CFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWlu; CFADMIN_LASTPAGE_ADMIN=%2FCFIDE%2Fadministrator%2Fdebugging%2Findex%2Ecfm
HTTP_HOST=127.0.0.1:8500
HTTP_REFERER=
HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
PATH_INFO=
PATH_TRANSLATED=C:\Services\web\wwwroot\CraigTest\FUT\FIFACPB\logInSearchAccount17.cfm
QUERY_STRING=reinit=1
REMOTE_ADDR=127.0.0.1
REMOTE_HOST=127.0.0.1
REMOTE_USER=
REQUEST_METHOD=GET
SCRIPT_NAME=/CraigTest/FUT/FIFACPB/logInSearchAccount17.cfm
SERVER_NAME=127.0.0.1
SERVER_PORT=8500
SERVER_PORT_SECURE=0
SERVER_PROTOCOL=HTTP/1.1
SERVER_SOFTWARE=
WEB_SERVER_API=
Cookie Variables:
CFADMIN_LASTPAGE_ADMIN=/CFIDE/administrator/debugging/index.cfm
CFAUTHORIZATION_cfadmin=YWRtaW4NRTg5NzE2OTdCODczMUI0MDVBM0UxRTZCMjI2N0I1MDA5M0QzQkE4MQ1jZmFkbWlu
CFID=15108
CFTOKEN=12249080
cf_debug_general=block
cf_debug_template_stack=block
Session Variables:
biddingaccountloggedin=0
biddingaccountloginattempts=0
cfid=15108
cftoken=12249080
mainaccountloggedin=0
mainaccountloginattempts=0
pricingaccountloggedin=0
pricingaccountloginattempts=0
searchaccount10loggedin=0
searchaccount10loginattempts=0
searchaccount11loggedin=0
searchaccount11loginattempts=0
searchaccount12loggedin=0
searchaccount12loginattempts=0
searchaccount13loggedin=0
searchaccount13loginattempts=0
searchaccount14loggedin=0
searchaccount14loginattempts=0
searchaccount15loggedin=0
searchaccount15loginattempts=0
searchaccount16loggedin=0
searchaccount16loginattempts=0
searchaccount17gamertag=ZappyShrimp8
searchaccount17loggedin=0
searchaccount17loginattempts=0
searchaccount18loggedin=0
searchaccount18loginattempts=0
searchaccount19loggedin=0
searchaccount19loginattempts=0
searchaccount1loggedin=0
searchaccount1loginattempts=0
searchaccount20loggedin=0
searchaccount20loginattempts=0
searchaccount21loggedin=0
searchaccount21loginattempts=0
searchaccount22loggedin=0
searchaccount22loginattempts=0
searchaccount23loggedin=0
searchaccount23loginattempts=0
searchaccount24loggedin=0
searchaccount24loginattempts=0
searchaccount25loggedin=0
searchaccount25loginattempts=0
searchaccount26loggedin=0
searchaccount26loginattempts=0
searchaccount27loggedin=0
searchaccount27loginattempts=0
searchaccount28loggedin=0
searchaccount28loginattempts=0
searchaccount29loggedin=0
searchaccount29loginattempts=0
searchaccount2loggedin=0
searchaccount2loginattempts=0
searchaccount30loggedin=0
searchaccount30loginattempts=0
searchaccount3loggedin=0
searchaccount3loginattempts=0
searchaccount4loggedin=0
searchaccount4loginattempts=0
searchaccount5loggedin=0
searchaccount5loginattempts=0
searchaccount6loggedin=0
searchaccount6loginattempts=0
searchaccount8loggedin=0
searchaccount8loginattempts=0
sessionid=FIFAAUTOBUYER_15108_12249080
urltoken=CFID=15108&CFTOKEN=12249080
URL Parameters:
reinit=1
Debug Rendering Time: 21 ms

CFDUMP 阶段 2:

struct
Charset     [empty string]
ErrorDetail     I/O Exception: peer not authenticated
Filecontent     Connection Failure
Header  [empty string]
Mimetype    Unable to determine MIME type of file.
Responseheader  
struct [empty]
Statuscode  Connection Failure. Status code unavailable.
Text    YES
4

8 回答 8

26

If you are using cfhttp to connect via SSL (https) then the ColdFusion server definitely needs the certificate installed to successfully connect. Here is a previous answer that I gave on a similar issue:

Here are the steps you need to perform in order to install the certificate to the Java keystore for ColdFusion. First, be sure you are updating the correct cacerts file that ColdFusion is using. In case you have more than one JRE installed on that server. You can verify the JRE ColdFusion is using from the administrator under the 'System Information'. Look for the Java Home line.

The default truststore is the JRE's cacerts file. This file is typically located in the following places:

  • Server Configuration:

    cf_root/runtime/jre/lib/security/cacerts

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/lib/security/cacerts

  • Sun JDK installation:

    jdk_root/jre/lib/security/cacerts

  • Consult documentation for other J2EE application servers and JVMs

In order to install the certificate you need to first get a copy of the certificate. This can be done by using Internet Explorer. Note that different versions of Internet Explorer will behave slightly differently but should be very similar to these steps. For example, earlier versions of IE might save the certificate under a different tab than I mention.

  1. Browse to the SSL URL in Internet Explorer - https://xyz/infoLookup.php?wsdl.
  2. View the certificate by clicking on the lock icon and clicking view certificate
  3. Then click the Install Certificate... button (note: if you do not see this button you must close IE and run it as administrator first)
  4. Click on IE's Internet Options and click the Content tab
  5. Click the Certificates button
  6. Find the server's certificate under the Intermediate Certification Authorities tab, select the cert and click the Export... button
  7. Export using DER format

Copy the exported certificate file to your ColdFusion server (you can delete the cert from IE if you want)

  1. Run cmd prompt as administrator on the ColdFusion server
  2. Make a backup of the original cacerts file in case you run into issues

The keytool is part of the Java SDK and can be found in the following places:

  • Server Configuration:

    cf_root/runtime/bin/keytool

  • Multiserver/J2EE on JRun 4 Configuration:

    jrun_root/jre/bin/keytool

  • Sun JDK installation:

    jdk_root/bin/keytool

  • Consult documentation for other J2EE application servers and JVMs

To install the cert:

  1. Change directory to your truststore's location (where the cacerts file is located)
  2. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -import -v -alias your_cert_alias_name -file C:\wherever_you_saved_the_file\cert_file.cer -keystore cacerts -storepass changeit
  3. Type yes at the prompt to "Trust this certificate?"

Note: *your_cert_alias_name* I used above can be whatever you want
Note: *C:\wherever_you_saved_the_file\cert_file.cer* change these values to whatever you use for the server folder and certificate file name

To verify the cert:

  1. Type this command (use current jvm and use current jvm's keytool) "c:\program files\java\jre7\bin\keytool" -list -v -keystore cacerts -alias your_cert_alias_name -storepass changeit

Note: *your_cert_alias_name* use the same name here that you used above to install the cert

Restart the ColdFusion service It will not read the updated cacerts file until you do this.

You can delete the imported certificate file from the server if you wish.

于 2013-12-09T16:38:15.693 回答
5

我没有足够的分数来评论@Miguel-F 的答案,所以我需要用我的经验和更多细节发布这个答案......

按照说明添加证书后,CFHTTP 仍然没有为我获取 https 站点。我发现这篇文章最终帮助我解决了这个问题。它描述了将 SSL 调试输出添加到 coldfusion-out.log 文件,该文件指定了您缺少的证书的确切下载 URL。我缺少的证书是“让我们加密”的证书,它在日志文件中显示为:

accessLocation: URIName: http://cert.int-x3.letsencrypt.org/

我点击该 URL 并使用 keytool 将下载的文件添加到密钥库。瞧!理智恢复了。

我既爱又恨 ColdFusion

于 2017-11-30T14:54:45.793 回答
4

这里有许多可能呈现此消息的场景。

还有许多详细的博客文章和主题可以帮助您调查您的问题。

1)DNS解析问题——确保你可以点击端点url,否则会产生这个错误。

2)确保在cfhttp请求中设置用户代理,服务器很容易检测到非标准的用户代理并将其过滤掉。

enter code here

3) 在请求中禁用压缩。在您访问某些服务器的情况下,这是可行的。这可以拿出一些IIS的配置。搜索中有许多带有此示例的站点,它对我有用。

<cfhttp url="https://yourUrlHere.com" method="get">
    <cfhttpparam type="Header" name="Accept-Encoding" value="*"> 
    <cfhttpparam type="Header" name="TE" value="deflate;q=0">
</cfhttp>

根据另一端的 http 服务器,您可以尝试发送的另一个标头是:

<cfhttpparam type="header" name="Accept-Encoding" Value="no-compression">

资源

4) 如果问题是由 SSL 证书引起的,您可以手动将证书添加到您的服务器。如果可能的话,我宁愿不朝这个方向看,但你可以搜索它。

5) 连接到 https url 的另一种情况是可能需要禁用默认证书提供程序(Java 中有很多,默认的可能不适合所需的)。这不会影响安全性,仅使用不同的等效库。

示例 5 的来源

6) 最后但并非最不重要的一点是,您可能会成为重写规则的牺牲品。我没有经历过这个,但它看起来很有趣。

使用 mod_rewrite 时的 CFHTTP“连接失败”问题

于 2014-06-18T01:43:36.140 回答
4

我有一台带有Coldfusion 10(使用 Java 版本:1.7.0_15)和Windows Server 2008的服务器。我为我的 API url 添加了证书。但是我遇到了错误

连接失败:状态码不可用。

然后我在 Coldfusion Administrator 中将以下配置添加到 Coldfusion JVM 配置中,它开始工作。

-Dhttps.protocols=TLSv1.1,TLSv1.2
于 2017-06-30T08:45:52.990 回答
2

对于那些在使用 cfhttp 和 Google 的 recaptcha 安全验证服务(就像我所做的那样)时遇到问题的人来说,此页面上关于将 Google 的安全证书添加到 JRE 的 cacerts 文件中的帖子是必不可少的。

同样重要的(而且不容易找到)是添加

<cfhttpparam type="CGI" encoded="false" name="Content_Type" value="application/json; charset=utf-8">

给你cfhttp请求。这将解决“无法确定内容类型。无效的 MIME”错误。这也看起来像一个连接错误。(添加到上面 Jas 的答案)

感谢 Adob​​e 的 ColdFusion 社区论坛上的 12Robots !

于 2015-06-05T17:04:26.343 回答
1

如果您要访问的服务器需要TLS 1.2. 这需要您将 JVM 更新为1.8,您可以在此处找到更多信息:

http://blogs.coldfusion.com/post.cfm/how-to-change-upgrade-jdk-version-of-coldfusion-server

于 2017-03-16T18:41:38.677 回答
0

我有一个类似的问题,@Miguel-F 的回答对我来说非常有效。

我唯一想补充的是,它在第​​一次尝试时对我不起作用,因为我从浏览器实际下载的证书不知何故被我的卡巴斯基杀毒软件替换为不同的证书。因此,将其添加到信任存储中没有任何作用。

在第二次尝试中,我从没有该防病毒软件的不同系统下载了证书,并将其添加到信任库为我解决了这个问题。

于 2021-02-17T18:06:44.207 回答
0

谢谢大卫。我添加了以下 3 个标题标签,一切都很好。

<cfhttpparam type="header" name="Content-Type" value="application/json" />
<cfhttpparam type="header" name="Accept-Encoding" Value="*">
<cfhttpparam type="Header" name="TE" value="deflate;q=0">

谢谢-Hitesh

于 2019-11-06T04:31:54.917 回答