Configure SSL for a ColdFusion instance - Adobe Support Community

Report · Jul 01, 2020

Generate a keystore pkcs12

Follow the steps below:

Generate the keystore using JRE keytool. Navigate to the JRE/JDK\bin folder in your machine. Run the commands:
- keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass changeit -alias mycert -keyalg RSA -keysize 2048 -validity 99999
- keytool -exportcert -keystore myKeystore.p12 -storepass changeit -alias mycert -rfc -file mycert.pem
Once the .p12 and .PEM files are generated, copy these to an appropriate location.
Take the backup of server.xml in your instances. The file is located in ColdFusion\{instance}\runtime\conf.

Once you back up the file, search for 8443 in server.xml. There is an entry, which is commented.

<!--<Connector packetSize="65535" port="8443" 
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />-->

The code above is commented in server.xml.

After you uncomment the file, add the attribute keystoreFile, as shown below:

<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12"
	       keystorePass="changeit"/>

The path of the keystoreFile is the location where you'd copied the keystore. Specify the full path based on the OS.

Restart ColdFusion service and access the ColdFusion Admin with the url,
```
https://hostname:8443/CFIDE/administrator/index.cfm
```

In server.xml, comment the line that contains the HTTP port.

<!--internal webserver start
<Connector packetSize="65535" port="8503" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8451"/>
internal webserver end-->

If you see an error message related to SSL handshake, in jvm.config, add the argument,

"-Dcom.sun.net.ssl.enableECC=false"

Report · Jul 01, 2020

Generate a keystore pkcs12

Follow the steps below:

Generate the keystore using JRE keytool. Navigate to the JRE/JDK\bin folder in your machine. Run the commands:
- keytool -genkeypair -keystore myKeystore.p12 -storetype PKCS12 -storepass changeit -alias mycert -keyalg RSA -keysize 2048 -validity 99999
- keytool -exportcert -keystore myKeystore.p12 -storepass changeit -alias mycert -rfc -file mycert.pem
Once the .p12 and .PEM files are generated, copy these to an appropriate location.
Take the backup of server.xml in your instances. The file is located in ColdFusion\{instance}\runtime\conf.

Once you back up the file, search for 8443 in server.xml. There is an entry, which is commented.

<!--<Connector packetSize="65535" port="8443" 
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />-->

The code above is commented in server.xml.

After you uncomment the file, add the attribute keystoreFile, as shown below:

<Connector packetSize="65535" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="myKeystore.p12"
	       keystorePass="changeit"/>

The path of the keystoreFile is the location where you'd copied the keystore. Specify the full path based on the OS.

Restart ColdFusion service and access the ColdFusion Admin with the url,
```
https://hostname:8443/CFIDE/administrator/index.cfm
```

In server.xml, comment the line that contains the HTTP port.

<!--internal webserver start
<Connector packetSize="65535" port="8503" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8451"/>
internal webserver end-->

If you see an error message related to SSL handshake, in jvm.config, add the argument,

"-Dcom.sun.net.ssl.enableECC=false"

Report · Jul 11, 2020

Saurav_Ghosh will it make Coldfusion database connections SSL enabled too?

Report · Jul 12, 2020

No, for that you need to install certificates on your DB server. The exact details will depend on your DB server software. Here's some documentation on that for MS SQL Server.

https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-...

Dave Watts, Eidolon LLC