
Using CFHTTP to a secure site fails when ColdFusion sandbox security is enabled


I am trying to make an HTTP call to a secure (HTTPS) third party site and it is failing with the following error:

I/O Exception: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

Searching for that error brings up some answers stating that the certificate needs to be installed in the keystore that is being used. However, the site that I am trying to reach is using a certificate from the Entrust root authority, which is already trusted. Besides, it works fine when security is loosened. See below.

I am running Adobe ColdFusion 11 on Java 1.8 (Windows Server). The twist to this is that the connection works fine if I turn off ColdFusion's Sandbox Security setting. So obviously something is being blocked when that setting is enabled. I am having a hard time finding what to allow to make it work. Has anyone run across this issue before? It seems to happen when attempting to connect with any site that is secure when the sandbox security is enabled.

Here is a small test case to see the issue. Try it first without sandbox security enabled. Then again with sandbox security enabled. Does it fail for you too?

<cftry>
    <cfhttp url="https://www.bing.com/" method="get" timeout="30"></cfhttp>
    <cfdump var="#cfhttp#">
    <cfcatch type="any">
        <cfdump var="#cfcatch#">
    </cfcatch>
</cftry>

It may be some other security restrictions that we have in place on the server. For now though, if I turn off sandbox security it works. That leads me to believe that any other server security is not the cause.

Adding server class path info. Note that I added line breaks to improve readability:


Solution

  • I got the HTTPS requests to work with the ColdFusion Sandbox Security enabled by granting "read" access to the following directory paths in the sandbox for my ColdFusion application:

    C:\Program Files\Java\                            [read]
    C:\Program Files\Java\-                           [read]
    
    E:\ColdFusion11\cfusion\wwwroot\WEB-INF\lib\      [read]
    E:\ColdFusion11\cfusion\wwwroot\WEB-INF\lib\-     [read]
    

    The WEB-INF\lib directory contains several "crypto" jar files so that kind of makes sense. I am running a newer Java version than what came installed with ColdFusion so the location of the JVM has changed. So adding the path to the JVM also makes sense. I added the permission to the parent folder C:\Program Files\Java to avoid needing to change this every time the Java software is updated (each version gets its own folder with version number). It is just read access so I think that is okay.

    I did not have to import any certificates to the keystore or add/update any jars. I just needed to add these additional paths to the sandbox security settings and it works now.
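
The paired entries in the answer (a directory, then the same path ending in `\-`) use the sandbox path syntax in which `\-` covers everything beneath a directory recursively, `\*` covers only its direct children, and neither covers the directory itself. The following is an added example, not part of the original answer and not ColdFusion's own code: a Python model of that matching for checking which files a set of sandbox entries makes readable. The function names, the `jre1.8.0_PLACEHOLDER` folder and the sample paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Read entries taken from the answer above.
SANDBOX_READ = [
    "C:\\Program Files\\Java\\",
    "C:\\Program Files\\Java\\-",
    "E:\\ColdFusion11\\cfusion\\wwwroot\\WEB-INF\\lib\\",
    "E:\\ColdFusion11\\cfusion\\wwwroot\\WEB-INF\\lib\\-",
]

def _split(entry):
    """Return (directory, scope) for one sandbox path entry."""
    if entry.endswith("\\-"):
        return PureWindowsPath(entry[:-2]), "recursive"
    if entry.endswith("\\*"):
        return PureWindowsPath(entry[:-2]), "children"
    return PureWindowsPath(entry), "exact"

def matching_entry(path, entries=SANDBOX_READ):
    """Return the first entry that covers `path`, or None if none does."""
    target = PureWindowsPath(path)  # compares case-insensitively, like Windows
    if ".." in target.parts:
        # An unresolved '..' could step outside the granted directory.
        raise ValueError("resolve '..' before checking: " + path)
    for entry in entries:
        base, scope = _split(entry)
        if scope == "exact" and target == base:
            return entry
        if scope == "children" and target.parent == base:
            return entry
        if scope == "recursive" and base in target.parents:
            return entry
    return None

def uncovered(paths, entries=SANDBOX_READ):
    """List the paths that no sandbox entry makes readable."""
    return [p for p in paths if matching_entry(p, entries) is None]

if __name__ == "__main__":
    samples = [  # constructed sample paths
        "C:\\Program Files\\Java",
        "C:\\Program Files\\Java\\jre1.8.0_PLACEHOLDER\\lib\\security\\cacerts",
        "E:\\ColdFusion11\\cfusion\\wwwroot\\WEB-INF\\lib\\example-crypto.jar",
        "E:\\ColdFusion11\\cfusion\\lib\\cfusion.jar",
    ]
    for p in samples:
        print(p, "->", matching_entry(p))
```

Run over a list of files, it shows that the parent-folder grant makes every Java version installed under `C:\Program Files\Java` readable, which is the trade-off the answer accepts so the entry survives upgrades.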