While working on a client's website and servers for CF Webtools, we ran into a perplexing problem with CFHTTP and SSL. We were working on setting up payment processing using ColdFusion 8.0.1 (yes, I know it's ancient but the client is planning to upgrade to CF10 soonish) and it needed to communicate with a client's .NET server via secure CFHTTP (meaning over SSL). The problem was that SSL communication was failing. The error (below) was I/O Exception: peer not authenticated.

For several hours we tried everything from importing the SSL into the keystore to creating a separate keystore and including it in the jvm.config. We checked name resolution and tried different Java versions. The issue persisted even after upgrading the JVM to 1.6.0_45. We even tested from ColdFusion 9.0.1 and ColdFusion 10u9 running on Java 1.6.0_29 and nothing was working. Usually we can resolve SSL issues in short order. This issue, however, was beginning to seem like something on the server was preventing SSL communications - except for one nagging fact. When using a web browser on the server, we could access the payment gateway web service URL via SSL with no problem. So SSL was working and all tests indicated that the SSL certificate was installed correctly. What could be the problem?
