I installed Coldfusion on top of IIS on non-traditional port 8015. I installed a SSL Certificate and I can see the secure connection browsing to the IIS website on port 80, however, when I browse to the Coldfusion website on port 8015 I can not get a secure connection.
It appears to me that Coldfusion doesn't know how to find the SSL Certificate or navigate the SSL connection. Do I need to tell Coldfusion or enable something to get the HTTPS working for Coldfusion on the non-traditional port?
I'm Googling and researching and not finding much help online. Any help would be greatly appreciated.
SSL/TLS uses port 443, not 80:
Correct, I misspoke sorry. Hopefully this explains the situation better:
Coldfusion was installed at port 8015 ontop of IIS.
I installed a SSL Certificate in IIS and binded port 443 to https for the default IIS web site.
Navigating to the default IIS web site I can get the secure connection over port 443.
i.e. https://domain.com (successful secure connection)
When I navigate to the default Coldfusion web site over port 8015 I can not get the secure connection.
i.e. http://domain.com:8015 (default Coldfusion web site)
i.e. https://domain.com:8015 (unsuccessful secure connection)
IIS knows to hand off https requests to port 443 but I don't think Coldfusion knows that.
I have zero IIS experience for versions after 6, so I'm not sure (I use Apache on my home dev network.)
I'm going to assume that you ran the wsconfig after the CF install. This should have set up your connectors. Was the SSL Cert installed before or after running wsconfig? Just curious.
IIS is going to be handling the SSL connection, not Tomcat/CF. You can configure the standalone web server for SSL, but I'm not sure that is what you really want to do.
In IIS Manager I have the default website with bindings to port 80 (http) and port 443 (https) and the default folder is: C:\inetpub\wwwroot. That site is setup and works great for both http and https protocol.
Coldfusion was installed on port 8015 and the default folder was put here: C:\ColdFusion2016\cfusion\wwwroot.
How do I get the Coldfusion folder into IIS Manager keeping it bound to port 8015 (http) and add the binding to port 443 (https) to have IIS handle the SSL connection?
When the connector was run it should connect IIS to CF, understanding what ports to use on Tomcat. You should then have users hit port 443 (which the browser will take care of when using https).
Also, if the connector is not running properly you can manually install the connector following these instructions: ColdFusion IIS manual connector configuration
I'd opt for just running wsconfig if possible.
I think the missing piece is that you don't need to put your code in \ColdFusion\cfusion\wwwroot - that is for running using the built-in server and accessing CFIDE stuff. You could access that location in IIS, but you'd have to configure a "site" to look there for web content.
You can put your code in C:\inetpub\wwwroot (if your default IIS website points there). Otherwise, you can create a separate "site" in IIS, pointing to any folder on your system. The ColdFusion/IIS connector tells IIS to hand off all requests for .cfm or .cfc files within configured sites to ColdFusion to process.
Looks like you want to configure internal CF port for CF: Please see the below document.
Configuring Secured Socket Layer (SSL)
SSL allows the browser and the server to communicate over a secured connection. Data that is sent is encrypted at one side, transmitted, and then decrypted at the other end. For more information about SSL configuration on Tomcat, see http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.
To configure SSL for ColdFusion using the keytool utility, do the following:
Create a certificate file:
Run the following command:cfroot\jre\bin\keytool -genkey -alias tomcat -keyalg RSA
Type the details as per the instruction.
If you do not provide a password, the default password for keystore and key is changeit. If you don't want to use the default password, ensure that you provide the same password for the keystore and the key.
Running this command creates a certificate.keystore in the following location:
Windows: C:\Documents and Settings_user's_director_y
Open the cfroot\cfusion\runtime\conf\server.xml file and search for the string Define a SSL HTTP/1.1.
Uncomment the connector details and update the section as follows:
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true" maxThreads="150" scheme="https"
secure="true" keystoreFile="<certificate_location>\.keystore" keystorePass="<password>" keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />
Access ColdFusion using the following URL: https://<ip-address>:8443/CFIDE/administrator