When working with CFHTTP and calling URLs that are secured with SSL (HTTPS) you may receive the error:
I/O Exception: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
This is likely due to ColdFusion/JAVA not having the certificate within its trust store of SSL certificates. To resolve this following the below steps (based on Linux CentOS commands):
- Download the domains SSL certificate you are calling within your CFHTTP. Click here for a useful how-to guide on doing this.
- Using FileZilla or any FTP program upload your saved certificate to the server in an easy to remember location.
- Change to the directory that contains the JAVA version you are using as shown below:
- You will be using the 'keytool' commands to import your certificate and apply it. Below is an example, we will go through each command element further below:
keytool -import -v -alias your-saved-cert -file /your-saved-cert.cer -keystore /usr/java/jdk1.8.0_66/jre/lib/security/cacerts -storepass changeit
- Next you will need to restart ColdFusion services to apply the changes fully.
- -alias your-saved-cert
This alias will be a unique name you need to provide so it can be referenced by yourself and JAVA
- -file /your-saved-cert.cer
This tells the keytool where your file is located on the server, in the above example the file 'your-saved-cert.cer' is located in the root of the server
- -keystore /usr/java/jdk1.8.0_66/jre/lib/security/cacerts
The keystore option is the location of the cacerts file that will store the references of your certificate
- -storepass changeit
The storepass is the password of your JAVA store on your server, by default it is 'changeit'