Configure SSL for a ColdFusion instance
Generate a PKCS12 keystore
Follow the steps below:
- Generate the keystore using the JRE keytool. Navigate to the JRE/JDK\bin folder on your machine and run the following commands:

keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass changeit -alias mycert -keyalg RSA -keysize 2048 -validity 99999
keytool -exportcert -keystore myKeystore.p12 -storepass changeit -alias mycert -rfc -file mycert.pem

- Once the .p12 and .pem files are generated, copy them to an appropriate location.
- Back up server.xml for each instance. The file is located in ColdFusion\{instance}\runtime\conf.
- After backing up the file, search for 8443 in server.xml. There is a commented-out entry:
<!--<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />-->
This connector entry is commented out in server.xml.
- After you uncomment the entry, add the keystoreFile and keystorePass attributes, as shown below:
<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12" keystorePass="changeit"/>
The value of keystoreFile is the location to which you copied the keystore. Specify the full path in the form your OS uses.
- Restart the ColdFusion service and access the ColdFusion Administrator at the following URL:
https://hostname:8443/CFIDE/administrator/index.cfm
- In server.xml, comment out the line that contains the HTTP port.
<!--internal webserver start <Connector packetSize="65535" port="8503" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8451"/> internal webserver end-->
If you see an SSL handshake error, add the following argument in jvm.config:
"-Dcom.sun.net.ssl.enableECC=false"
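After finishing the steps above, it is worth confirming that server.xml really ended up in the intended state: the 8443 connector active with a keystore that exists, and no plain HTTP connector left enabled. The script below is an added example, not code from the Adobe documentation; it uses a constructed sample server.xml and an injectable keystore-existence check so it runs without a ColdFusion install.

```python
"""Check a ColdFusion instance's server.xml after the SSL steps above.

Added example, not Adobe's code. Tomcat ignores commented-out elements and so
does ElementTree, so a connector inside <!-- --> simply does not appear here.
"""
import ntpath
import os
import posixpath
import xml.etree.ElementTree as ET


def audit_server_xml(xml_text, keystore_exists=os.path.isfile):
    """Return a list of findings (empty list means the config looks right);
    keystore_exists is injectable so the check can run on constructed input."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors if c.get("port") == "8443"]
    if not tls:
        findings.append("no active connector on port 8443 (still commented out?)")
    for c in tls:
        if (c.get("SSLEnabled"), c.get("secure"), c.get("scheme")) != ("true", "true", "https"):
            findings.append("8443 connector lacks SSLEnabled/secure/scheme=https")
        ks = c.get("keystoreFile")
        if not ks:
            findings.append("8443 connector has no keystoreFile attribute")
        elif not (posixpath.isabs(ks) or ntpath.isabs(ks)):  # full path, either OS style
            findings.append("keystoreFile should be a full path for this OS: " + ks)
        elif not keystore_exists(ks):
            findings.append("keystoreFile not found: " + ks)
        if not c.get("keystorePass"):
            findings.append("8443 connector has no keystorePass attribute")
    for c in connectors:  # any HTTP connector without SSLEnabled is still plain HTTP
        proto = c.get("protocol", "HTTP/1.1")  # Tomcat's default when the attribute is omitted
        if c.get("SSLEnabled") != "true" and ("HTTP/" in proto or "http11" in proto.lower()):
            findings.append("plain HTTP connector still active on port " + str(c.get("port")))
    return findings


# Constructed sample: the state server.xml should be in after the steps above.
SAMPLE_SERVER_XML = """<Server port="8005"><Service name="Catalina">
<!--<Connector port="8503" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8451"/>-->
<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" keystoreFile="/opt/coldfusion/keys/myKeystore.p12" keystorePass="changeit"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8451"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML, keystore_exists=lambda p: True):
        print("WARNING:", finding)
```

To check a real instance, read ColdFusion\{instance}\runtime\conf\server.xml into a string and call audit_server_xml on it with the default keystore_exists.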

