CF7 Verisign SSL Update Causing PayPal Connection Failure

Published: {ts '2011-01-29 00:00:00'}
Author: Steven Neiland
Site Url: http://www.neiland.net/article/cf7-verisign-ssl-update-causing-paypal-connection-failure/

If you are trying to connect to the paypal api with ColdFusion 7 & IIS6 you may be experiencing a "connection failure" message. This is most likely caused by a Verisign Root SSL update in September 2009. Fortunately this is easy to fix. CF8+ is not affected.

For more information a description of the ssl update can be found at
https://ppmts.custhelp.com/cgi-bin/ppdts.cfg/php/enduser/std_adp.php?p_faqid=800

Step 1: Download Root Certificates

Download the roots cert package https://www.verisign.com/support/roots.zip and extract it your desktop.

Navigate to "{extracted folder}\VeriSign Root Certificates\Generation 2 (G2) PCAs" and copy "Class 3 Public Primary Certification Authority - G2.cer" to your "C" drive and rename it to "vs-g2-import.cer"

Step 2: Run the Coldfusion Keytool

Next we open a command prompt and running the following commands, replacing the relevent drive letters.

For Coldfusion 7 Standard


>CD c:\CFusionMX7\runtime\jre\bin >keytool.exe -import -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts -storepass changeit -noprompt -trustcacerts -file C:\vs-g2-import.cer -alias vs-g2-import-09-09-30

For Coldfusion 7 Enterprise


>CD c:\jrun4\jre\bin\ >keytool.exe -import -keystore C:\jrun4\jre\lib\security\cacerts -storepass changeit -noprompt -trustcacerts -file C:\vs-g2-import.cer -alias vs-g2-import-09-09-30

Step 3: Restart and Test

At this stage all we need to do is to restart coldfusion.
"Control Panel" -> "Administrator Tools" -> "Services"
> select Coldfusion 7 and restart.