I/O Exception: peer not authenticated

I have a client site running everything thru httpS (the box is ColdFusion 8 and IIS of some flavor, probably older). We have a URL on the site like so: httpS://sitename/process_pdfs.cfm?firstName=joe&lastName=Smith&date=4/1/2012 ...which is just a call to the CFDocument tag, makes a PDF and sticks it on the server for me. This works fine. I can stick that URL in a browser all day long and the PDFs are created correctly. We also have a nightly scheduled task that does this as a batch, creating multiple PDFs at once. The code looks about like so: <cfloop query="getNightlyRecords"> <cfset theurl = "httpS://sitename/process_pdfs.cfm?firstName=#getNightlyRecords.firstName#&lastName=#getNightlyRecords.lastName#&date=#getNightlyRecords.PDFdate#" /> <cfhttp url="#theurl#" method="get" result="rslt" timeout="999" /> </cfloop> This cfloop fails. The message I get in "rslt" is:

Charset [empty string]
ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure
Header [empty string]
Mimetype Unable to determine MIME type of file.
Responseheader
struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES

After some googling, it looked like one of these blog entries might do the trick. However they were all for ColdFusion 9 and this is a CF8 box. In short, none of them were working -- same error, no matter what. Several days later, the client (a non-technical person, which probably explains why he didn't think to tell us about this) emailed us to say he'd renewed the Verisign certificate right around the same time that this issue started happening. Aha! The problem was that the certificate issued by Verisign which was handled by my client had the wrong header assignment. The system imported it thinking it was a X.509 Cert but in fact it was a PCKS#7 cert. The SysaAdmin had to rewrite the cert header and re import. That fixed it. Finally. So on that note, I'm currently looking for a really good "Head First" style reference to learn all there is to learn about https certificates. Got an amazing reference you'd recommend? Please send it my way. -nolan Edit: after posting about this issue on the BACFUG mailing list, Brian Ghidinelli mentioned that he's used this code to resolve the same issue: <cfset objSecurity = createObject("java", "java.security.Security") /> <cfset storeProvider = objSecurity.getProvider("JsafeJCE") /> <cfset objSecurity.removeProvider("JsafeJCE") /> ...however that didn't work in my case. We think this might be because Brian was running CF8 Enterprise and perhaps my client's server is CF8 Standard. If anybody confirms that, please drop me a line.