8 Replies Latest reply on Nov 1, 2016 9:47 AM by rahul_u

    Coldfusion Install SSL not working

    reggiejackson88

      I installed Coldfusion on top of IIS on non-traditional port 8015. I installed a SSL Certificate and I can see the secure connection browsing to the IIS website on port 80, however, when I browse to the Coldfusion website on port 8015 I can not get a secure connection.

       

      It appears to me that Coldfusion doesn't know how to find the SSL Certificate or navigate the SSL connection. Do I need to tell Coldfusion or enable something to get the HTTPS working for Coldfusion on the non-traditional port?

       

      I'm Googling and researching and not finding much help online. Any help would be greatly appreciated.

        • 1. Re: Coldfusion Install SSL not working
          WolfShade Level 4

          Hi, reggiejackson88 (related to reggiejackson44??)

           

          SSL/TLS uses port 443, not 80.  If your IIS is diverting your SSL traffic to any other port, something is wrong.  You should _NOT_ be seeing secure connections trying to get in via port 80.

           

          HTH,

           

          ^_^

          • 2. Re: Coldfusion Install SSL not working
            reggiejackson88 Level 1

            SSL/TLS uses port 443, not 80:

            Correct, I misspoke sorry. Hopefully this explains the situation better:

             

            Coldfusion was installed at port 8015 ontop of IIS.

            I installed a SSL Certificate in IIS and binded port 443 to https for the default IIS web site.

             

            Navigating to the default IIS web site I can get the secure connection over port 443.

            i.e. https://domain.com (successful secure connection)

             

            When I navigate to the default Coldfusion web site over port 8015 I can not get the secure connection.

            i.e. http://domain.com:8015 (default Coldfusion web site)

            i.e. https://domain.com:8015 (unsuccessful secure connection)

             

            IIS knows to hand off https requests to port 443 but I don't think Coldfusion knows that.

            • 3. Re: Coldfusion Install SSL not working
              WolfShade Level 4

              Hi, reggiejackson88,

               

              I have zero IIS experience for versions after 6, so I'm not sure (I use Apache on my home dev network.)

               

              I'm going to assume that you ran the wsconfig after the CF install.  This should have set up your connectors.  Was the SSL Cert installed before or after running wsconfig?  Just curious.

               

              V/r,

               

              ^_^

              • 4. Re: Coldfusion Install SSL not working
                nic_tunney Adobe Community Professional

                IIS is going to be handling the SSL connection, not Tomcat/CF.  You can configure the standalone web server for SSL, but I'm not sure that is what you really want to do.

                • 5. Re: Coldfusion Install SSL not working
                  reggiejackson88 Level 1

                  In IIS Manager I have the default website with bindings to port 80 (http) and port 443 (https) and the default folder is: C:\inetpub\wwwroot. That site is setup and works great for both http and https protocol.

                   

                  Coldfusion was installed on port 8015 and the default folder was put here: C:\ColdFusion2016\cfusion\wwwroot.

                   

                  How do I get the Coldfusion folder into IIS Manager keeping it bound to port 8015 (http) and add the binding to port 443 (https) to have IIS handle the SSL connection?

                  • 6. Re: Coldfusion Install SSL not working
                    nic_tunney Adobe Community Professional

                    When the connector was run it should connect IIS to CF, understanding what ports to use on Tomcat.  You should then have users hit port 443 (which the browser will take care of when using https).

                     

                    Also, if the connector is not running properly you can manually install the connector following these instructions: ColdFusion IIS manual connector configuration

                     

                    I'd opt for just running wsconfig if possible.

                    • 7. Re: Coldfusion Install SSL not working
                      Carl Von Stetten Adobe Community Professional & MVP

                      I think the missing piece is that you don't need to put your code in \ColdFusion\cfusion\wwwroot - that is for running using the built-in server and accessing CFIDE stuff.  You could access that location in IIS, but you'd have to configure a "site" to look there for web content.

                       

                      You can put your code in C:\inetpub\wwwroot (if your default IIS website points there).  Otherwise, you can create a separate "site" in IIS, pointing to any folder on your system.  The ColdFusion/IIS connector tells IIS to hand off all requests for .cfm or .cfc files within configured sites to ColdFusion to process.

                      • 8. Re: Coldfusion Install SSL not working
                        rahul_u Adobe Employee

                        Looks like you want to configure internal CF port for CF: Please see the below document.

                         

                        https://helpx.adobe.com/coldfusion/installing/installing-the-server-configuration.html

                         

                        Configuring Secured Socket Layer (SSL)

                         

                        SSL allows the browser and the server to communicate over a secured connection. Data that is sent is encrypted at one side, transmitted, and then decrypted at the other end. For more information about SSL configuration on Tomcat, see http://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html.

                        To configure SSL for ColdFusion using the keytool utility, do the following:

                         

                        Create a certificate file:

                         

                        Run the following command:cfroot\jre\bin\keytool -genkey -alias tomcat -keyalg RSA

                        Type the details as per the instruction.

                         

                        If you do not provide a password, the default password for keystore and key is changeit. If you don't want to use the default password, ensure that you provide the same password for the keystore and the key.

                         

                        Running this command creates a certificate.keystore in the following location:

                         

                        Windows: C:\Documents and Settings_user's_director_y

                        Linux: usr/home

                        Open the cfroot\cfusion\runtime\conf\server.xml file and search for the string Define a SSL HTTP/1.1.

                         

                        Uncomment the connector details and update the section as follows:

                        <Connector port="8443" protocol="HTTP/1.1"

                        SSLEnabled="true" maxThreads="150" scheme="https"

                        secure="true" keystoreFile="<certificate_location>\.keystore" keystorePass="<password>" keyAlias="tomcat" clientAuth="false" sslProtocol="TLS" />

                         

                         

                         

                         

                         

                        Restart ColdFusion.

                        Access ColdFusion using the following URL: https://<ip-address>:8443/CFIDE/administrator