
ColdFusion Server config updating to use SSLHostConfig

New Here ,
Apr 20, 2020


Trying to upgrade the server config to the new structure for the connectors. The uncommented configuration works, but I am trying to get to the one that is commented out. I am doing this with cfusion and cfusion1 instances on the same server, and I also have the commented configuration working on a straight Tomcat 9.9.22 instance:

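<!-- HTTPS connector on port 8550, written in the older single-element TLS syntax.
     Review change: the two RC4 suites (TLS_ECDHE_RSA_WITH_RC4_128_SHA and
     SSL_RSA_WITH_RC4_128_SHA) are removed from the cipher list; RFC 7465 prohibits RC4 in TLS.
     Still to confirm before relying on this listener:
       * sslEnabledProtocols still offers TLSv1 and TLSv1.1; restrict it to TLSv1.2 or newer
         unless a known legacy client needs the old versions.
       * Every remaining suite is CBC mode, and the TLS_RSA_* entries provide no forward secrecy;
         prefer ECDHE suites with AES-GCM where the clients allow it.
       * keystorePass sits in clear text in this file; keep the file readable only by the
         service account and do not use a guessable value (the value shown may be a
         placeholder for the post; verify). -->
<Connector SSLEnabled="true"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA"
           clientAuth="false"
           keystoreFile="D:\web\Certificates\eagnmnss58b.usps.gov.jks"
           keystorePass="password"
           maxThreads="150"
           port="8550"
           protocol="HTTP/1.1"
           scheme="https"
           secure="true"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           sslProtocol="TLS"/>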
<!-- AJP/1.3 connector on port 8018 (presumably the link to the front-end web server; verify).
     NOTE(review): no address or secret attribute is set on this element. AJP has no
     authentication of its own, so confirm the listener is reachable only from the web
     server (loopback binding or firewall rule) and consider configuring a shared secret. -->
<Connector protocol="AJP/1.3"
           port="8018"
           connectionTimeout="60000"
           maxThreads="500"
           packetSize="65535"/>
<!-- NOTE(review) on the commented-out SSLHostConfig variant below (HTTPS on port 8554):
     * The log further down reports "No rules found matching" for Connector/SSLHostConfig and
       for its Certificate child. That suggests the ColdFusion launcher's digester ignored both
       elements, so the connector would start TLS without any of the certificate settings given
       here. Verify that the Tomcat bundled with this ColdFusion build accepts nested
       SSLHostConfig before debugging the keystore itself.
     * certificateFile and certificateChainFile expect PEM files, yet both point at the same
       .jks file as certificateKeystoreFile. For a JKS keystore keep only certificateKeystoreFile,
       certificateKeystorePassword and certificateKeyAlias (plus certificateKeyPassword if the
       key has its own password).
     * The cipher list still carries two RC4 suites, which RFC 7465 prohibits, and TLSv1.1 is
       still offered in protocols.
     * certificateVerification="none" only means client certificates are not requested; it
       corresponds to clientAuth="false" on the old-style connector.
     * Both passwords are in clear text; restrict read access to this file. -->
<!-- Alternate
<Connector protocol="HTTP/1.1" SSLEnabled="true" scheme="https" port="8554"
maxThreads="150" secure="true" sslProtocol="TLS" defaultSSLHostConfigName="_default_">
<SSLHostConfig protocols="TLSv1.1,TLSv1.2,TLSv1.3" hostName="_default_"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
certificateVerification="none" >
<Certificate
certificateFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateChainFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateKeyAlias="eagnmnss58b.usps.gov"
certificateKeyPassword="password"
certificateKeystoreFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateKeystorePassword="password"
type="RSA"
/>

when uncommented get the following:
</SSLHostConfig>
</Connector>
-->

coldfusion-error.log

----------

Apr 13, 2020 2:28:31 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'HTTP/1.1' did not find a matching property.
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Connector/SSLHostConfig/Certificate]
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Connector/SSLHostConfig]
Apr 13, 2020 2:28:31 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'AJP/1.3' did not find a matching property.
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Engine/Manager]
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5].
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized [OpenSSL 1.1.1a 20 Nov 2018]
Apr 13, 2020 2:28:32 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["https-openssl-nio-8554"]
Apr 13, 2020 2:28:33 PM org.apache.catalina.util.LifecycleBase handleSubClassException
SEVERE: Failed to initialize component [Connector[HTTP/1.1-8554]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at com.adobe.coldfusion.launcher.Launcher.run(Launcher.java:949)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.adobe.coldfusion.bootstrap.Bootstrap.init(Bootstrap.java:100)
at com.adobe.coldfusion.bootstrap.Bootstrap.main(Bootstrap.java:185)
Caused by: java.lang.IllegalArgumentException
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
... 12 more
Caused by: java.io.IOException
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:299)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 19 more

Apr 13, 2020 2:28:33 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8019"]

-----------------------


ColdFusion Server config updating to use SSLHostConfig

New Here ,
Apr 20, 2020


Trying to upgrade the server config to the new structure for the connectors. The uncommented configuration works, but I am trying to get to the one that is commented out. I am doing this with cfusion and cfusion1 instances on the same server, and I also have the commented configuration working on a straight Tomcat 9.9.22 instance:

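<!-- HTTPS connector on port 8550, written in the older single-element TLS syntax.
     Review change: the two RC4 suites (TLS_ECDHE_RSA_WITH_RC4_128_SHA and
     SSL_RSA_WITH_RC4_128_SHA) are removed from the cipher list; RFC 7465 prohibits RC4 in TLS.
     Still to confirm before relying on this listener:
       * sslEnabledProtocols still offers TLSv1 and TLSv1.1; restrict it to TLSv1.2 or newer
         unless a known legacy client needs the old versions.
       * Every remaining suite is CBC mode, and the TLS_RSA_* entries provide no forward secrecy;
         prefer ECDHE suites with AES-GCM where the clients allow it.
       * keystorePass sits in clear text in this file; keep the file readable only by the
         service account and do not use a guessable value (the value shown may be a
         placeholder for the post; verify). -->
<Connector SSLEnabled="true"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA"
           clientAuth="false"
           keystoreFile="D:\web\Certificates\eagnmnss58b.usps.gov.jks"
           keystorePass="password"
           maxThreads="150"
           port="8550"
           protocol="HTTP/1.1"
           scheme="https"
           secure="true"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           sslProtocol="TLS"/>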
<!-- AJP/1.3 connector on port 8018 (presumably the link to the front-end web server; verify).
     NOTE(review): no address or secret attribute is set on this element. AJP has no
     authentication of its own, so confirm the listener is reachable only from the web
     server (loopback binding or firewall rule) and consider configuring a shared secret. -->
<Connector protocol="AJP/1.3"
           port="8018"
           connectionTimeout="60000"
           maxThreads="500"
           packetSize="65535"/>
<!-- NOTE(review) on the commented-out SSLHostConfig variant below (HTTPS on port 8554):
     * The log further down reports "No rules found matching" for Connector/SSLHostConfig and
       for its Certificate child. That suggests the ColdFusion launcher's digester ignored both
       elements, so the connector would start TLS without any of the certificate settings given
       here. Verify that the Tomcat bundled with this ColdFusion build accepts nested
       SSLHostConfig before debugging the keystore itself.
     * certificateFile and certificateChainFile expect PEM files, yet both point at the same
       .jks file as certificateKeystoreFile. For a JKS keystore keep only certificateKeystoreFile,
       certificateKeystorePassword and certificateKeyAlias (plus certificateKeyPassword if the
       key has its own password).
     * The cipher list still carries two RC4 suites, which RFC 7465 prohibits, and TLSv1.1 is
       still offered in protocols.
     * certificateVerification="none" only means client certificates are not requested; it
       corresponds to clientAuth="false" on the old-style connector.
     * Both passwords are in clear text; restrict read access to this file. -->
<!-- Alternate
<Connector protocol="HTTP/1.1" SSLEnabled="true" scheme="https" port="8554"
maxThreads="150" secure="true" sslProtocol="TLS" defaultSSLHostConfigName="_default_">
<SSLHostConfig protocols="TLSv1.1,TLSv1.2,TLSv1.3" hostName="_default_"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
certificateVerification="none" >
<Certificate
certificateFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateChainFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateKeyAlias="eagnmnss58b.usps.gov"
certificateKeyPassword="password"
certificateKeystoreFile="D:\web\keystore\eagnmnss58b.usps.gov.jks"
certificateKeystorePassword="password"
type="RSA"
/>

when uncommented get the following:
</SSLHostConfig>
</Connector>
-->

coldfusion-error.log

----------

Apr 13, 2020 2:28:31 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'HTTP/1.1' did not find a matching property.
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Connector/SSLHostConfig/Certificate]
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Connector/SSLHostConfig]
Apr 13, 2020 2:28:31 PM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'AJP/1.3' did not find a matching property.
Apr 13, 2020 2:28:31 PM org.apache.tomcat.util.digester.Digester endElement
WARNING: No rules found matching [Server/Service/Engine/Manager]
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5].
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
Apr 13, 2020 2:28:32 PM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized [OpenSSL 1.1.1a 20 Nov 2018]
Apr 13, 2020 2:28:32 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["https-openssl-nio-8554"]
Apr 13, 2020 2:28:33 PM org.apache.catalina.util.LifecycleBase handleSubClassException
SEVERE: Failed to initialize component [Connector[HTTP/1.1-8554]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at com.adobe.coldfusion.launcher.Launcher.run(Launcher.java:949)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.adobe.coldfusion.bootstrap.Bootstrap.init(Bootstrap.java:100)
at com.adobe.coldfusion.bootstrap.Bootstrap.main(Bootstrap.java:185)
Caused by: java.lang.IllegalArgumentException
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
... 12 more
Caused by: java.io.IOException
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:299)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 19 more

Apr 13, 2020 2:28:33 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8019"]

-----------------------
