Known Participant
March 26, 2025
Question

Can't get HTTPS working for CF2023 Administrator using signed certificate


I'm trying to get HTTPS to work for accessing the CF2023 Administrator using a signed certificate.


It works fine for a self-signed certificate but I want to use a signed certificate.


Self-signed certificate works with this Connector code in server.xml:

<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/tomcat.keystore" keystorePass="slfjdslfjsdlfj" keyAlias="tomcat" clientAuth="false" sslProtocol="TLSv1.3" />


I've tried a few things for the signed certificate and neither seems to be working (error - The device or resource is not set up to accept connections on port "8216"):

<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/cacerts" keystorePass="slfjdslfjsdlfj" keyAlias="mycertalias" clientAuth="false" sslProtocol="TLSv1.3" />


<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8216" maxThreads="150" SSLEnabled="true" scheme="https" SSLCertificateFile="/etc/pki/tls/certs/mycert.crt" SSLCertificateKeyFile="/etc/pki/tls/private/mycert.key" SSLProtocol="TLSv1.2" URIEncoding="UTF-8" maxPostSize="20971520" />


For the former, I put the cert in the keystore like this:

keytool -import -v -alias mycertalias -file /tmp/mycert.cer -keystore /appl/ColdFusion2023/jre/lib/security/cacerts -storepass slfjdslfjsdlfj


I'd really appreciate any help as to what I'm doing wrong.  Thank you!

2 replies

lynn___Author
Known Participant
March 31, 2025

For anyone else who might be looking for help, here's my solution using the Cert/Key I was already using on the server for my website:

cd /appl/ColdFusion2023/jre/lib/security/

openssl pkcs12 -export -in /etc/pki/tls/certs/myExistingCertificate.crt -inkey /etc/pki/tls/private/myExistingPrivateKey.key -out myCertKey.p12 -name myCertKey

Enter Export Password: skdf4dswe3rc!

keytool -importkeystore -deststorepass skdf4dswe3rc! -destkeystore server.keystore -srckeystore myCertKey.p12 -srcstoretype PKCS12 -srcstorepass skdf4dswe3rc! -alias myCertKey

chmod 644 server.keystore

vi /appl/ColdFusion2023/cfusion/runtime/conf/server.xml

Comment Out:
<Connector protocol="HTTP/1.1" port="8500" redirectPort="8455" connectionTimeout="20000"/>

Add:
<Connector port="8307" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/server.keystore" keyAlias="myCertKey" keystorePass="skdf4dswe3rc!" clientAuth="false" sslProtocol="TLSv1.3" />

cd /appl/ColdFusion2023/cfusion/bin/
./coldfusion stop
./coldfusion start


Community Expert
March 26, 2025

Are you loading the certificate chain into your keystore? The chain should include root and intermediate certificates - you don't have to include your server certificate.


Dave Watts, Eidolon LLC
lynn___Author
Known Participant
March 26, 2025

I created a .pem Cert with the root chain and then converted it to a .der Cert using:
openssl x509 -outform der -in mycert.pem -out mycert.der


(Note - This is the same Cert I'm successfully using in Apache to serve my ColdFusion website.)

Then I added it to the keystore like this and then restarted ColdFusion:
cd /appl/ColdFusion2023/jre/lib/security/
keytool -importcert -trustcacerts -alias "mycert" -file /tmp/mycert.der -cacerts

In server.xml I have:
<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/cacerts" keystorePass="changeit" keyAlias="mycert" clientAuth="false" sslProtocol="TLSv1.3" />


Any suggestion on what I should be doing differently?

Thanks very much!

lynn___Author
Known Participant
March 26, 2025

On another Adobe page I see the following (without clear directions on how to actually take the actions).  So perhaps I'm doing it wrong?


  • Generate a keystore, preferably of type PKCS12.

  • Import your certificate to the keystore. Make sure you also import the private key and have the correct key pair.
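
Added example, not part of any post in this thread: a shell check that reads `keytool -list` output and reports whether the alias named in a Connector's keyAlias is a PrivateKeyEntry (certificate plus private key) or only a trustedCertEntry, which is what importing a certificate file on its own creates. The function names are hypothetical and both listings are constructed samples, not output from a real server.

```shell
#!/bin/sh
# Added example: classify a keystore alias from `keytool -list` output.
# Real use: pipe the output of `keytool -list -keystore <path>` into
#   usable_for_connector <alias>

# Print the entry type recorded for alias $1 in the listing on stdin.
# keytool treats aliases case-insensitively and typically lists them in
# lower case, so the comparison ignores case.
alias_entry_type() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)/ {
            alias = $0; sub(/,.*/, "", alias)   # text before the first comma
            if (tolower(alias) != want) next
            match($0, /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)/)
            print substr($0, RSTART, RLENGTH); found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# Return 0 only if the alias holds a private key, so it can back a TLS Connector.
usable_for_connector() {
    t=$(alias_entry_type "$1")
    case "$t" in
        PrivateKeyEntry)  return 0 ;;
        trustedCertEntry) echo "$1: certificate only, no private key" >&2; return 1 ;;
        *)                echo "$1: $t" >&2; return 1 ;;
    esac
}

# Constructed sample listings (fingerprints deliberately omitted).
CACERTS_LISTING='Keystore type: PKCS12
Your keystore contains 2 entries

mycert, Mar 26, 2025, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
someroot [jdk], Mar 26, 2025, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>'
SERVER_LISTING='Keystore type: PKCS12
Your keystore contains 1 entry

mycertkey, Mar 31, 2025, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>'

printf '%s\n' "$CACERTS_LISTING" | alias_entry_type mycert
printf '%s\n' "$SERVER_LISTING"  | alias_entry_type myCertKey
```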