Rob Gonda's Blog

ErrorDetail I/O Exception: peer not authenticated

If you ever see the following error when performing a cfhttp call:

ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Mimetype Unable to determine MIME type of file.
Statuscode Connection Failure. Status code unavailable.

It means that ColdFusion is trying to connect to a secure socket layer, but unfortunately, it can't.

So here's the situation, we launched a huge campaign and everything worked on the local environment. There's this one piece where Flash had to connect to a 3rd party's API and post some data using sendAndLoad. The 3rd party has a /crossdomain.xml allowing remote calls, therefore that will not be the problem when it breaks... Amazingly, everything worked from the IDE, but not when published... Still can't figure it out, but we're already late and I need a solution ... I know Flash can connect to my ColdFusion back-end, so I choose to write a proxy ... really simple, loop over every item in the form scope and create a cfhttpparam for it... I write it and deploy in about 3 minutes. It does not work!

Why? cfhttp cannot connect to the 3rd party ... I notice that they're using a 256bit encryption, which I cannot recall, but I might have read somewhere that it won't work with cfhttp. Perhaps I'm wrong, but I had no time to research ... The point is, cfhttp will not connect to that server.

When I google'd the error, thankfully, the first result was from my respected friend Steven Erat. It's a 3-year-old entry showing how to import a certificate to ColdFusion MX, but it still applies.

I followed step by step his instructions, and 10 minutes later my ColdFusion server was connecting to the 3rd party, effectively proxying the Flash RPC call.

Next step now is to find out why I could not connect directly, but my client and I can sleep tonight.

Thanks Steven.

There are no trackbacks for this entry.

Trackback URL for this entry:

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
You'll also get the "I/O Exception: peer not authenticated" error if site you're trying to access has an invalid, expired, or not yet active, SSL cert.

In our case, one of the test environments had the clock set several years in the past.

This post helped me tremendously. Thanks Rob.
# Posted By Jim | 9/9/08 1:56 PM
You're welcome Rob! ;-)

The comment by Jim is also pretty interesting.
# Posted By Steven Erat | 12/4/09 12:53 PM
This blog is running version 5.9.003. Contact Blog Owner