3 Replies Latest reply on Feb 16, 2017 12:51 AM by haxtbh

    Activating SSL on Coldfusion 9



      I am using Coldfusion 9 with the built-in web server. I edited jrun.xml to uncomment the SSL section and directed it to my keystore in which I imported my certificate.

      Yet, when I start the server, I receive the following error :

      No available certificate or key corresponds to the SSL cipher suites which are enabled.

      javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.


      Where can this come from?

      Thanks in advance for your help!

        • 1. Re: Activating SSL on Coldfusion 9
          vishu#13 Level 3

          Hi Reing


          Steps to enable SSL/https for CF 9


          Do not use the inbuilt jre of ColdFusion 9. Install JDK and then use it's jre like C:\Program Files\Java\jdk1.7.0_25\jre\bin


          You can download the lates jdk from this link : http://www.oracle.com/technetwork/java/javase/downloads/index.html


          1> Open command prompt as run as Admin and change the directory to C:\Program Files\Java\jdk1.7.0_25\jre\bin


          cd C:\Program Files\Java\jdk1.7.0_25\jre\bin


          NOTE : The JDK version might be differenct as there is a new version available


          2> Run this command


          keytool -genkey -alias server -keyalg RSA -keystore key


          Fill in the details and use the password "changeit"



          3> Now move the keystore name "key" from  C:\Program Files\Java\jdk1.7.0_25\jre\bin to C:\ColdFusion9\runtime\lib


          4> Go to C:\ColdFusion9\runtime\bin and take a back up of jvm.config. Open jvm.config and add the argument mentioned below under "Arguments to VM" at the end without any commas or in the next line. Just a single space after the last word and then paste the argument mentioned below



          -Djavax.net.ssl.trustStore= C:\\ColdFusion9\\runtime\\lib -Djavax.net.ssl.trustStorePassword=changeit



          5> Go to C:\ColdFusion9\runtime\servers\coldfusion\SERVER-INF and take a backup of jrun.xml. Open jrun.xml in notepad and uncomment the ssl information like this


          <!-- Uncomment this service to use SSL with the JRun Web Server

          Note that you MUST create your own keystore before using this service -->

          <service class="jrun.servlet.http.SSLService" name="SSLService">

          <attribute name="enabled">true </attribute>

          <attribute name="interface">* </attribute>

          <attribute name="port">9100 </attribute>

          <attribute name="keyStore">{jrun.rootdir}/lib/key </attribute>

          <attribute name="keyStorePassword">changeit</attribute>

          <attribute name="trustStore">{jrun.rootdir}/lib/trustStore </attribute>

          <attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory </attribute>



          6> Save jrun.xml and restart coldfusion 9 application server service. Open https://localhost:9100 and you will be able to run ColdFusion 9 as https





          • 2. Re: Activating SSL on Coldfusion 9

            I followed these directions and my ColdFusion 9 application server service would not restart. I got a message of "Windows could not start the ColdFusion 9 Application Server on Local Computer. For more information, review the System Event log. If this is a non-Microsoft service, contact the service vendor and refer to service specific error code 2."


            There's nothing in the system log... Any ideas? I'm not a ColdFusion user. I've inherited this site and am really struggling with the learning curve.




            • 3. Re: Activating SSL on Coldfusion 9
              haxtbh Level 4

              This generally means what ever change you made has broken the CF config. I would restore all the changes you made (Hope you took a backup of the files before changing them!)


              Then check the services restart. Try the change again make sure no strange characters are there and all the paths are correct. For example, sometimes its a bad idea to copy and paste from forums as all sorts of formatting might follow depending on the editor you use. Incorrect "" are usually a prime suspect!