Configure SSL for a ColdFusion instance

Adobe Employee, Jul 01, 2020

Generate a keystore pkcs12

Follow the steps below:

  1. Generate the keystore using the JRE keytool. Navigate to the JRE/JDK\bin folder on your machine. Run the commands:
    • keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass changeit -alias mycert -keyalg RSA -keysize 2048 -validity 99999
    • keytool -exportcert -keystore myKeystore.p12 -storepass changeit -alias mycert -rfc -file mycert.pem

  2. Once the .p12 and .PEM files are generated, copy these to an appropriate location.
  3. Take a backup of server.xml in your instances. The file is located in ColdFusion\{instance}\runtime\conf.
  4. Once you back up the file, search for 8443 in server.xml. There is an entry, which is commented out.
    <!--<Connector packetSize="65535" port="8443"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />-->

    The code above is commented out in server.xml.

  5. After you uncomment the file, add the attribute keystoreFile, as shown below:
    <Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12"
               keystorePass="changeit"/>

    The path of the keystoreFile is the location where you'd copied the keystore. Specify the full path based on the OS.

  6. Restart the ColdFusion service and access the ColdFusion Admin with the URL:
    https://hostname:8443/CFIDE/administrator/index.cfm
  7. In server.xml, comment out the line that contains the HTTP port.
    <!--internal webserver start
    <Connector packetSize="65535" port="8503" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8451"/>
    internal webserver end-->

If you see an error message related to the SSL handshake, add the following argument in jvm.config:

"-Dcom.sun.net.ssl.enableECC=false"
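
A post-change check for the server.xml edits in steps 5 and 7, added here as an example and not part of the original post: it parses the file and reports a TLS connector whose keystoreFile is not a full path or whose keystorePass is still the example value, and an HTTP connector that is still active. The function name and the embedded sample file are assumptions made for illustration.

```python
import ntpath
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the step 5 connector as posted, with the HTTP connector
# from step 7 not yet commented out.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector packetSize="65535" port="8503" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8451"/>
    <Connector packetSize="65535" port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12"
               keystorePass="changeit"/>
  </Service>
</Server>"""


def audit_connectors(server_xml_text):
    """Return a sorted list of (port, finding) tuples for active Connector elements."""
    findings = []
    # The parser drops XML comments, so commented-out connectors are not reported.
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        protocol = conn.get("protocol", "HTTP/1.1").lower()
        if conn.get("SSLEnabled", "false").lower() != "true":
            if "http" in protocol:  # AJP connectors are out of scope here
                findings.append((port, "plain HTTP connector still active"))
            continue
        keystore = conn.get("keystoreFile")
        if not keystore:
            findings.append((port, "keystoreFile missing"))
        elif not (posixpath.isabs(keystore) or ntpath.isabs(keystore)):
            findings.append((port, "keystoreFile is not a full path"))
        if conn.get("keystorePass") == "changeit":
            findings.append((port, "keystorePass is the example value 'changeit'"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Run it against a copy of the instance's server.xml after the restart in step 6; an empty result means none of these three conditions were found.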
Community Beginner, Jul 11, 2020

Saurav_Ghosh, will it make ColdFusion database connections SSL-enabled too?
Adobe Community Professional, Jul 12, 2020

No, for that you need to install certificates on your DB server. The exact details will depend on your DB server software. Here's some documentation on that for MS SQL Server.

 

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-...

 

Dave Watts, Eidolon LLC