0

I am using cfhttp to try to pull some json from one of our organizations APIs. I have the code working when trying to pull example json from one of our own servers, but when I point it to the API itself I receive a connection failure. This is the code:

<cfhttp method="get" url="http://[url]/api/menu">
    <cfhttpparam type="URL"     name="id"   value="[guid]">
</cfhttp>
<cfset FileWrite("#application.tempDirPath#/temp.json", CFHTTP.FileContent)>

I have replaced the real values with [url] and [guid].

I have tried accessing this url in a browser at https://[url]/api/menu?id=[guid] and it works perfectly fine, indicating that my machine has no problem reaching that url. The url is a server in our network that I can access as long as I'm on the company VPN.

Things that I have tried:

  • The live code should point to https. I've tried both http and https.
  • I've tried hitting the home page at that same url and it also results in a connection failure, but works in a browser.
  • I've tried this same code with http://www.google.com, and that downloads the Google html without issue.
  • I've tried restarting ColdFusion and my machine.

  • I've tried disabling compression via headers:

    <cfhttp method="get" url="http://[url]/api/menu">
    <cfhttpparam type="header" name="Accept-Encoding" value="deflate;q=0" />
    <cfhttpparam type="header" name="TE" value="deflate;q=0" />
    <cfhttpparam type="URL"           name="id"          value="[guid]">
</cfhttp>

I do not have access to the target server. I can ask those who do have access for help, but their conclusion at this point is "this is a ColdFusion problem.", so I'm not sure how much help I can get. This makes it impossible for me to check for Firewall rules or user-agent restrictions; suggestions on ways to test for those things locally would be welcome.

Edit

Per comments on this question I determined that http is just redirecting to https at that address. So I followed the instructions provided at ColdFusion https connection failure to import the certificate. After doing so I followed the instructions to verify that the cert was imported successfully. I then restarted CF Server.

After that I ran my code again and dumped the cfhttp struct as a whole into the temp file. This was the result:

<?xml version="1.0" encoding="UTF-8"?>
<STRUCT ID="1">
   <ENTRY NAME="Errordetail" TYPE="STRING">I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</ENTRY>
   <ENTRY NAME="Mimetype" TYPE="STRING">Unable to determine MIME type of file.</ENTRY>
   <ENTRY NAME="Statuscode" TYPE="STRING">Connection Failure.  Status code unavailable.</ENTRY>
   <ENTRY NAME="Filecontent" TYPE="STRING">Connection Failure</ENTRY>
   <ENTRY NAME="Responseheader" TYPE="STRUCT">
      <STRUCT ID="2" />
   </ENTRY>
   <ENTRY NAME="Text" TYPE="BOOLEAN">true</ENTRY>
   <ENTRY NAME="Charset" TYPE="STRING" />
   <ENTRY NAME="Header" TYPE="STRING" />
</STRUCT>
rrk
  • 14,861
  • 4
  • 25
  • 41
Nicholas
  • 1,734
  • 3
  • 19
  • 42
  • 2
    You CFHTTP is calling HTTP but your browser is hitting HTTPS. Does the server accept connections on port 80 and 443? – haxtbh Jan 02 '20 at 16:40
  • Could also do with a more specific error message – haxtbh Jan 02 '20 at 16:40
  • Sounds like a certificate issue. Does `http://[url]/` redirect to `https://[url]/`? `cfhttp` follows redirects by default, possibly hitting the certificate. Try using ` – Alex Jan 02 '20 at 18:06
  • @haxtbh I've tried both http and https on my browser and my cfhttp. Both work in browser and both fail in cfhttp. I have tried specifying port 443 as well. "Connection Failure" is the only message that appears in cfhttp's filecontent. – Nicholas Jan 02 '20 at 18:08
  • @Alex You may be right. Writing out the full cfhttp struct I see "I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target". I went back to the browser and there is a redirect I didn't notice before. I'll read up on importing a certificate. I saw it didn't work on http and just jumped to the conclusion it wasn't an https issue. – Nicholas Jan 02 '20 at 18:09

0 Answers0