Need to obtain certificate for use with keytool to import in cacerts

Regular Participant

Need to obtain certificate for use with keytool to import in cacerts

I already have the syntax for working with keytool.exe to import into cacerts file, but need to know how-or-where to obtain the ConstantContact .cer file to import into cacerts.  I did this similar action a couple years ago for connecting ColdFusion to SQL Azure, but lost my notes. 


The goal is that despite having credentials and API key, this certficate is needed in order for ColdFusion's CFHTTP, CFDOCUMENT and similar tags to function with ConstantContact.


Thanks in advance for any help.  (Specific examples or runflows appreciated over theory-type answers.)


Hey Sean,


What is your OS, and what software are you running?

Nick Galbraith
Support Engineer
Regular Participant

OS: Windows Server.

Application Server: ColdFusion 8


But neither of those matter to my question.

Restating: Where do I obtain's certificate to import into my keystore?




Hi Sean,


We don't provide the certificates directly, as we use a third party company to send out the certificate information. Windows should be updating certificate information automatically to your keystore, but I've found some information online of someone that has run into a similar issue, and they provided steps for a workaround. Let me know if this helps.

Nick Galbraith
Support Engineer
Regular Participant

Thanks for the link.  We had already come across that one.


Again, what would that third party be?  Tried looking it up using just the and, but could not find either ConstantContact or Global Trust using the FireFox plugin described.


Again, instead of a bunch of links, if I could get an exact runflow (list of instructions) posted here, that would be best.  Or better yet, just send me the .cer file to use. Or at least let us know the CA certificate authority ConstantContact is using for





Our certificates are published through GlobalSign.  Unfortunately, how to install these certificates in specific server configurations is beyond the scope of the support we provide.  Most hosting companies automatically update CA caches to reflect the most current certificates as part of their services.  All Windows 2008+ IIS servers have that automatically updated as part of their regular security updates published from Microsoft.


For any support on updating certificates for a specific server software package or hosting company, we recommend you go to your vendor for answers to those questions.  We are able to help with most questions regarding the functionality and use of our API in software development but are not able to provide advanced or specific server management support.  We do try, as Nick did, to provide publicly available resources from other sites to try to help find a resolution but providing exact steps as you are requesting is just not something we can do for all of the different possible hosting resources out there.

Dave Berard
Senior Product Manager, Constant Contact
Regular Participant

Hmmm... you are saying you use GlobalSign but cannot give us the cert names. Ok.


We found two certificates, one and globaltrustee.crt to use. 

We found 3 more for GlobalSign at your indication, and will load those as well.


Once we restart the ColdFusion service we'll see if this API will now work.  We are expecting that that it will. We have to wait and get permission from our client to do an unscheduled restart of the ColdFusion service.


Should we have any further issues we will let you know.


Thank you for your help. 




Regular Participant

Still getting an authentication exception. 


We've loaded all the certs mentioned in into the trust store (c:\coldfusion8\runtime\jre\lib\security\cacerts), restarted the ColdFusion service, and this morning was still getting 'I/O Exception peer not authenticated'.


Can someone take a peek at the CFHTTP documentation below, and tell us any thing further we need, maybe in terms of proxy, preferred user agent or whatever?


It appears we are connecting enough to get the authentication exception, so I am taking this to mean our URL, Username, Password and API key are correct.


In the interim, we will be manually iterating thru the known certs in the CFHTTP tag itself, since loading them into cacerts did not appear to solve the issue.



How was this issue ultimately resolved?  We are running into the same issue.  We have placed the root certificate for GlobalSign into cacerts in our embedded JRE, but to no avail.  Still getting the peer not authenticated error that is described in this thread.


Need some direction.

Developer Portal

View API documentation, code samples, get your API key.

Visit Page