Coldfusion Install SSL not working

Report · Oct 28, 2016

I installed Coldfusion on top of IIS on non-traditional port 8015. I installed a SSL Certificate and I can see the secure connection browsing to the IIS website on port 80, however, when I browse to the Coldfusion website on port 8015 I can not get a secure connection.

It appears to me that Coldfusion doesn't know how to find the SSL Certificate or navigate the SSL connection. Do I need to tell Coldfusion or enable something to get the HTTPS working for Coldfusion on the non-traditional port?

I'm Googling and researching and not finding much help online. Any help would be greatly appreciated.

Report · Oct 28, 2016

Hi, reggiejackson88 (related to reggiejackson44??)

SSL/TLS uses port 443, not 80. If your IIS is diverting your SSL traffic to any other port, something is wrong. You should _NOT_ be seeing secure connections trying to get in via port 80.

HTH,

^_^

Report · Oct 28, 2016

SSL/TLS uses port 443, not 80:

Correct, I misspoke sorry. Hopefully this explains the situation better:

Coldfusion was installed at port 8015 ontop of IIS.

I installed a SSL Certificate in IIS and binded port 443 to https for the default IIS web site.

Navigating to the default IIS web site I can get the secure connection over port 443.

i.e. https://domain.com (successful secure connection)

When I navigate to the default Coldfusion web site over port 8015 I can not get the secure connection.

i.e. http://domain.com:8015 (default Coldfusion web site)

i.e. https://domain.com:8015 (unsuccessful secure connection)

IIS knows to hand off https requests to port 443 but I don't think Coldfusion knows that.

Report · Oct 28, 2016

Hi, reggiejackson88,

I have zero IIS experience for versions after 6, so I'm not sure (I use Apache on my home dev network.)

I'm going to assume that you ran the wsconfig after the CF install. This should have set up your connectors. Was the SSL Cert installed before or after running wsconfig? Just curious.

V/r,

^_^

Report · Oct 30, 2016

IIS is going to be handling the SSL connection, not Tomcat/CF. You can configure the standalone web server for SSL, but I'm not sure that is what you really want to do.

Report · Oct 31, 2016

In IIS Manager I have the default website with bindings to port 80 (http) and port 443 (https) and the default folder is: C:\inetpub\wwwroot. That site is setup and works great for both http and https protocol.

Coldfusion was installed on port 8015 and the default folder was put here: C:\ColdFusion2016\cfusion\wwwroot.

How do I get the Coldfusion folder into IIS Manager keeping it bound to port 8015 (http) and add the binding to port 443 (https) to have IIS handle the SSL connection?

Report · Oct 31, 2016

When the connector was run it should connect IIS to CF, understanding what ports to use on Tomcat. You should then have users hit port 443 (which the browser will take care of when using https).

Also, if the connector is not running properly you can manually install the connector following these instructions: ColdFusion IIS manual connector configuration

I'd opt for just running wsconfig if possible.

Report · Nov 01, 2016

I think the missing piece is that you don't need to put your code in \ColdFusion\cfusion\wwwroot - that is for running using the built-in server and accessing CFIDE stuff. You could access that location in IIS, but you'd have to configure a "site" to look there for web content.

You can put your code in C:\inetpub\wwwroot (if your default IIS website points there). Otherwise, you can create a separate "site" in IIS, pointing to any folder on your system. The ColdFusion/IIS connector tells IIS to hand off all requests for .cfm or .cfc files within configured sites to ColdFusion to process.

Report · Nov 01, 2016

Looks like you want to configure internal CF port for CF: Please see the below document.

https://helpx.adobe.com/coldfusion/installing/installing-the-server-configuration.html

Configuring Secured Socket Layer (SSL)

SSL allows the browser and the server to communicate over a secured connection. Data that is sent is encrypted at one side, transmitted, and then decrypted at the other end. For more information about SSL configuration on Tomcat, see http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

To configure SSL for ColdFusion using the keytool utility, do the following:

Create a certificate file:

Run the following command:cfroot\jre\bin\keytool -genkey -alias tomcat -keyalg RSA

Type the details as per the instruction.

If you do not provide a password, the default password for keystore and key is changeit. If you don't want to use the default password, ensure that you provide the same password for the keystore and the key.

Running this command creates a certificate.keystore in the following location:

Windows: C:\Documents and Settings_user's_director_y

Linux: usr/home

Open the cfroot\cfusion\runtime\conf\server.xml file and search for the string Define a SSL HTTP/1.1.

Uncomment the connector details and update the section as follows:

<Connector port="8443" protocol="HTTP/1.1"

SSLEnabled="true" maxThreads="150" scheme="https"

secure="true" keystoreFile="<certificate_location>\.keystore" keystorePass="<password>" keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />

Restart ColdFusion.

Access ColdFusion using the following URL: https://<ip-address>:8443/CFIDE/administrator

Adobe Community

Coldfusion Install SSL not working