December 2013

Gavin Pickin

Techie Gotcha - CFML Server - Follow up to Upgrading your Java JRE / JVM - Do Not Forget

CFML Server, Techie Gotchas

After posting my last post... about wiping the dust off your JRE and updating it, for your CFML Server, I thought, there are a couple more things I better highlight. One of the issues you might find when updating (there aren't many really) is that all your java settings that the JRE stored in the old folder, are no longer in the new folder, the most important one I think, is the Java certificate keystore.

Certain tags, like CFHTTP cannot communicate over SSL unless the cert is in the keystore... so you (or a co-worker) might have had to add the certificates to the keystore. When you upgrade JRE / JVM, these changes do not go with you, so you need to make sure you export them all and import them into the new keystore.

You can obviously use the command line, and while the command line should be your friend, Open Source should be too. CertMan is a great little CF Administrator extension, that works in CF8 / 9 / 10, and allows you to use a nice user interface to manage the certs. You can visit CertMan on RIA Forge here

If you are using CertMan, you obviously can only interact with the JVM that started ColdFusion. So, if you need to roll the JVM update back, you can do so, use the CertMan to export all the certs you need, and then update the JVM Path again, and then import all the Certs back in. You can use the command line to do this, but its much easier using CertMan, since you can see the certs, their expiration dates, common names, all in a simple html table layout. 

This is the only real issue I have seen with updating the JVM, and its more common than some of the other issues that might arise.
Hopefully CertMan helps, and if you can, export the Cert Keys before you update the JVM, to save yourself a couple of headaches.

If anyone else has come across other JRE / JVM upgrade issues, please share your experiences in the comments below.



Blog Search