Can't get HTTPS working for CF2023 Administrator using signed certificate
I'm trying to get HTTPS to work for accessing the CF2023 Administrator using a signed certificate.
It works fine for a self-signed certificate but I want to use a signed certificate.
Self-signed certificate works with this Connector code in server.xml:
<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/tomcat.keystore" keystorePass="slfjdslfjsdlfj" keyAlias="tomcat" clientAuth="false" sslProtocol="TLSv1.3" />
I've tried a few things for the signed certificate and neither seems to be working (error - The device or resource is not set up to accept connections on port "8216"):
<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/cacerts" keystorePass="slfjdslfjsdlfj" keyAlias="mycertalias" clientAuth="false" sslProtocol="TLSv1.3" />
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8216" maxThreads="150" SSLEnabled="true" scheme="https" SSLCertificateFile="/etc/pki/tls/certs/mycert.crt" SSLCertificateKeyFile="/etc/pki/tls/private/mycert.key" SSLProtocol="TLSv1.2" URIEncoding="UTF-8" maxPostSize="20971520" />
For the former, I put the cert in the keystore like this:
keytool -import -v -alias mycertalias -file /tmp/mycert.cer -keystore /appl/ColdFusion2023/jre/lib/security/cacerts -storepass slfjdslfjsdlfj
I'd really appreciate any help as to what I'm doing wrong. Thank you!
Are you loading the certificate chain into your keystore? The chain should include root and intermediate certificates - you don't have to include your server certificate.
I created a .pem Cert with the root chain and then converted it to a .der Cert using:
openssl x509 -outform der -in mycert.pem -out mycert.der
(Note - This is the same Cert I'm successfully using in Apache to serve my ColdFusion website.)
Then I added it to the keystore like this and then restarted ColdFusion:
cd /appl/ColdFusion2023/jre/lib/security/
keytool -importcert -trustcacerts -alias "mycert" -file /tmp/mycert.der -cacerts
In server.xml I have:
<Connector port="8216" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/cacerts" keystorePass="changeit" keyAlias="mycert" clientAuth="false" sslProtocol="TLSv1.3" />
Any suggestion on what I should be doing differently?
Thanks very much!
On another Adobe page I see the following (without clear directions on how to actually take the actions). So perhaps I'm doing it wrong?
Generate a keystore, preferably of type PKCS12.
Import your certificate to the keystore. Make sure you also import the private key and have the correct key pair.
Hello Iynn,
Please refer to the link below for creating a keystore using the keytool command.
Once created, you can use the generated pfx file for configuring SSL in server.xml; cacerts cannot be used for configuring SSL.
Thanks & Regards
Ravi
For anyone else who might be looking for help, here's my solution using the Cert/Key I was already using on the server for my website:
cd /appl/ColdFusion2023/jre/lib/security/
openssl pkcs12 -export -in /etc/pki/tls/certs/myExistingCertificate.crt -inkey /etc/pki/tls/private/myExistingPrivateKey.key -out myCertKey.p12 -name myCertKey
Enter Export Password: skdf4dswe3rc!
keytool -importkeystore -deststorepass skdf4dswe3rc! -destkeystore server.keystore -srckeystore myCertKey.p12 -srcstoretype PKCS12 -srcstorepass skdf4dswe3rc! -alias myCertKey
chmod 644 server.keystore
vi /appl/ColdFusion2023/cfusion/runtime/conf/server.xml
Comment Out:
<Connector protocol="HTTP/1.1" port="8500" redirectPort="8455" connectionTimeout="20000"/>
Add:
<Connector port="8307" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/appl/ColdFusion2023/jre/lib/security/server.keystore" keyAlias="myCertKey" keystorePass="skdf4dswe3rc!" clientAuth="false" sslProtocol="TLSv1.3" />
cd /appl/ColdFusion2023/cfusion/bin/
./coldfusion stop
./coldfusion start
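
What separates the failed attempts from the working one, as an added example that is not part of the original posts: a certificate imported into cacerts with keytool -import is stored as a trustedCertEntry with no private key, while the PKCS12 conversion yields a PrivateKeyEntry that the connector can serve TLS from. The listings are constructed samples of keytool -list output, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): tell whether a keystore alias can back
# a Tomcat HTTPS connector by reading `keytool -list` output.

# Constructed samples of `keytool -list` output; fingerprints are placeholders.
CACERTS_LISTING='Keystore type: JKS
Your keystore contains 1 entry

mycert, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22:PLACEHOLDER'

SERVER_LISTING='Keystore type: PKCS12
Your keystore contains 1 entry

mycertkey, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:PLACEHOLDER'

# Print the entry type for alias $1 from a listing on stdin.
# keytool treats aliases as case-insensitive, so compare in lower case.
entry_type() {
  awk -F', *' -v want="$1" '
    /Entry,? *$/ && tolower($1) == tolower(want) {
      print ($NF == "" ? $(NF-1) : $NF); exit
    }'
}

# Succeed only if the alias holds a private key with its certificate chain.
# A trustedCertEntry is a bare certificate and cannot serve TLS.
usable_for_tls() {
  [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Succeed if octal mode $1 lets group or others read the file. The keystore
# holds the private key, so only the ColdFusion service account needs access.
mode_exposes_key() {
  [ $(( 0$1 & 044 )) -ne 0 ]
}

# Live check (hypothetical helper): keytool prompts for the store password.
check_keystore() {   # usage: check_keystore /path/to/server.keystore myCertKey
  keytool -list -keystore "$1" | usable_for_tls "$2"
}
```

Running check_keystore against the keystore named in keystoreFile before restarting ColdFusion shows whether the keyAlias in server.xml points at a usable entry.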

