Generate a keystore pkcs12
Follow the steps below:
- Generate the keystore using JRE keytool. Navigate to the JRE/JDK\bin folder in your machine. Run the commands:
-
keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass changeit -alias mycert -keyalg RSA -keysize 2048 -validity 99999
-
keytool -exportcert -keystore myKeystore.p12 -storepass changeit -alias mycert -rfc -file mycert.pem
- Once the .p12 and .PEM files are generated, copy these to an appropriate location.
- Take the backup of server.xml in your instances. The file is located in ColdFusion\{instance}\runtime\conf.
- Once you back up the file, search for 8443 in server.xml. There is an entry, which is commented.
<!--<Connector packetSize="65535" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />-->
The code above is commented in server.xml.
- After you uncomment the file, add the attribute keystoreFile, as shown below:
<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12"
keystorePass="changeit"/>
The path of the keystoreFile is the location where you'd copied the keystore. Specify the full path based on the OS.
- Restart ColdFusion service and access the ColdFusion Admin with the url,
https://hostname:8443/CFIDE/administrator/index.cfm
- In server.xml, comment the line that contains the HTTP port.
<!--internal webserver start
<Connector packetSize="65535" port="8503" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8451"/>
internal webserver end-->
If you see an error message related to SSL handshake, in jvm.config, add the argument,
"-Dcom.sun.net.ssl.enableECC=false"
2
Replies
AdChoices