2 Replies Latest reply: Oct 27, 2014 12:04 PM by Prem Radhakrishnan

    Coldfusion 11 - Web Sockets via SSL

    cgjazinski@upta.edu Community Member

      Help!

       

      I can't seem to figure out how to handle WSS (Websockets over SSL). I have a cert that has already been sent/received by verifier. I have a cert and an intermediate cert. I've been looking at documentation and from what I've gathered I need to add the certs to the "keystore". I issued a command like this:

          D:\CF11\jre\bin\keytool -import -v -alias myCert-cert -file myCert.cer -keystore D:\CF11\jre\lib\security\cacerts -storepass changeit

      I see the cert is added, and if I list the keystore I see the number of certs increased by one. I then enable the SSL WS, use the default port (built-in server, not proxied), and point it to the keystore D:\CF11\jre\lib\security\cacerts, and for the pass I simply use the default changeit. I've modified my cfcode to have the secure="true" attribute. So I think everything is set up correctly, but when I go to the webpage the web socket will try to connect then simply not connect (Firebug says the connection was refused). (The code works fine removing the secure attribute and accessing via http.) So I guess I'm not sure exactly what I should be doing. Can I use the same cert that I had created via IIS? The cert looks valid. Furthermore, I see nothing showing up in the log files. I see a log called WebSocket.log but the size is 0 and nothing is being thrown in the exception log either. I'm completely confused.

        • 1. Re: Coldfusion 11 - Web Sockets via SSL
          Sharma Nimit Adobe Employee

          Hi,

           

          If you are trying to configure WebSocket over SSL using self-signed certificate, then ColdFusion server should also be running over SSL using the same certificate.

           

          To configure ColdFusion server over SSL follow below mentioned steps:

           

          1. Create Keystore:

                keytool -genkey -keyalg RSA -keystore websocket.crt -storepass changeit -alias wss -keypass changeit -validity 365

           

          2. Configure ColdFusion to run over SSL port:

            1. Uncomment "<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  maxThreads="150" scheme="https" secure="true"   clientAuth="false" sslProtocol="TLS" />" this section in server.xml file available at <cf_home>/cfusion/runtime/conf.
            2. Change value of "protocol" attribute from "HTTP/1.1" to "org.apache.coyote.http11.Http11NioProtocol" in the Connector tag.
            3. Add these attributes to above mentioned tag:
              1. keystoreFile
              2. keystorePass
            4. Save Changes.
            5. Restart ColdFusion service.
            6. Access ColdFusion administrator console using URL: https://127.0.0.1:8443/CFIDE/administrator/index.cfm

          3. Configure Websocket to run over SSL port:

            1. Access ColdFusion administrator console.
            2. Navigate to ColdFusion Administrator > Server Settings > WebSocket.
            3. Check "SSL Port" checkbox.
            4. Enter keystore location and password [which we created in step #1 Create Keystore ].
            5. Submit Changes.
            6. Restart ColdFusion service.

          4. Create a sample CFML template to verify the configuration.

           

          Application.cfc

           

               component
               {
                   this.name = "sample";
                   this.wschannels = [{name="demo"}];
               }

           

          SAMPLE.cfm

               <html>
               <head>
                    <title>Websocket Example</title>
                    <script>
                           //messagehandler receives all the messages from websocket
                           function mycbHandler( messageobj)
                           {
                                    var message = ColdFusion.JSON.encode(messageobj);
                                    var txt=document.getElementById("myDiv");
                                    //append as text so markup inside a message is shown, not parsed as HTML
                                    txt.appendChild(document.createTextNode(message));
                                    txt.appendChild(document.createElement("br"));
                           }

                           //openhandler is invoked when socket connection is
                           function openHandler()
                           {
                                  var txt=document.getElementById("myDiv");
                                   txt.innerHTML +="open Handler invoked <br>";
                           }
                    </script>
               </head>
               <cfwebsocket name="mywsobj" onMessage="mycbHandler" subscribeTo="demo" onOpen="openHandler" secure="true"/>
               <div id="myDiv"></div>
               </html>

           

          5. Try to access this CFML template using ColdFusion over SSL port using Chrome web browser or any other browser with debugging capability.

           

          6. In my case, it is Google chrome.  Press F12 and navigate to the Network section to check whether websocket request is being served over SSL or not.

           

          If you find any difficulty in following above mentioned steps, you can contact me at nimsharm@adobe.com

           

          Regards,

          Nimit
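
A keystore check for step 1 and step 3.4, as an added example that is not part of the original reply or ColdFusion's own code: `keytool -genkey` stores a PrivateKeyEntry, while `keytool -import` of a .cer file stores a trustedCertEntry with no private key, and a TLS listener can only serve from the former. The sample listing is constructed, and the parser assumes the non-verbose `keytool -list` layout `alias, date, type,` with no comma inside the alias.

```python
# Added example: classify entries in non-verbose `keytool -list` output.
# SAMPLE_LISTING is constructed; fingerprints are placeholders.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

wss, Oct 27, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
mycert-cert, Oct 27, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>
"""

ENTRY_TYPES = ("PrivateKeyEntry", "trustedCertEntry", "SecretKeyEntry")


def parse_entries(listing):
    """Return {alias: entry_type}. Assumes 'alias, <date>, type,' lines."""
    entries = {}
    for line in listing.splitlines():
        fields = [f.strip() for f in line.rstrip(", ").split(",")]
        # The date itself may contain commas, so only the first and last
        # fields are trusted: alias and entry type.
        if len(fields) >= 3 and fields[-1] in ENTRY_TYPES:
            entries[fields[0]] = fields[-1]
    return entries


def tls_usable_aliases(listing):
    """Aliases that hold a private key and can back an SSL/WSS listener."""
    entries = parse_entries(listing)
    return sorted(a for a, t in entries.items() if t == "PrivateKeyEntry")


def diagnose(listing):
    """One-line verdict for the keystore configured on the SSL port."""
    entries = parse_entries(listing)
    usable = tls_usable_aliases(listing)
    if usable:
        return "ok: private key under alias " + ", ".join(usable)
    if entries:
        return "fail: only certificate entries, no private key to serve TLS"
    return "fail: no entries parsed"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LISTING))
```

Feed it the text printed by `keytool -list -keystore <file> -storepass <pass>` for the keystore entered in the WebSocket settings.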

          • 2. Re: Coldfusion 11 - Web Sockets via SSL
            Prem Radhakrishnan Community Member

            Hi Nimit,

            I am trying to follow the same instructions presented here with little success. I was directed here by my developer who is trying to implement WebSocket over SSL on ColdFusion 11. We are running ColdFusion 11 on Windows Server 2012 and IIS 8. We are using a GoDaddy certificate and not a self-signed certificate; should the process be the same?

             

            Basically, I have used the keytool as described and made the changes in server.xml and restarted the server, but I cannot access the page on port 8443 or on just HTTPS. It just says waiting and eventually times out. I can access the regular ColdFusion admin on HTTP. Could you please help me troubleshoot this? I am looking at the logs and can't find anything helpful.

            Regards

            Prem