Accessibility
 
Home > Products > ColdFusion > Support > Advanced Development
ColdFusion Icon Macromedia ColdFusion Support Center - Advanced Development
Enabling SSL

Enabling SSL on the ColdFusion MX built-in web server is a two-part process:

1 Obtain a certificate.
2 Enable the ColdFusion MX SSL service.
This section describes both procedures.

Note: If you already have a public certificate, you can skip the following procedure.

To create a private certificate:

1 Use the Java command line utility keytool to generate a file that contains the digital certificate. The keytool utility installs with the Java JDK.
Shown below is the format for the invocation of the keytool utility to generate a private certificate:

keytool -genkey -dname "cn=<domain name or ip>, ou=CF, o=Macromedia, L=Newton, ST=MA, C=US" 

-keyalg rsa -keystore <keystore file name>

The cn parameter specifies the host domain name of IP address and should be exactly what users enter in a URL to access your site. For example, you might specify a cn parameter name of myweb.yourco.com.
In the following example, you set the cn attribute to localhost. You can use localhost for testing SSL when the client browser and ColdFusion MX server are on the same computer.

keytool -genkey -dname "cn=localhost, ou=CF, o=Macromedia, L=Newton, ST=MA, C=US" -keyalg 

rsa -keystore keystore

2 The keytool utility prompts you for a password. Enter a password for the certificate. You also need this password in the next procedure.
This procedures creates a file called "keystore" containing the digital certificate in the directory in which you run the command.

To enable SSL on the ColdFusion MX built-in web server:

1 In a text editor, open the cf_root\runtime\servers\default\SERVER-INF\jrun.xml file.
2 Remove the comments around the following text and add the interface attribute:

<service class="jrun.servlet.http.SSLService" name="SSLService">

<attribute name="enabled">true</attribute>

<attribute name="interface">*</attribute>

<attribute name="port">9100</attribute>

<attribute name="keyStore">{jrun.rootdir}/lib/keystore</attribute>

<attribute name="keyStorePassword">changeit</attribute>

<attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>

<attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</

attribute>

</service>

3 Set the port attribute to your SSL port number. For example, a value of 9100 means that you access the SSL on the built-in web server port 9100, as in the following example:

https://localhost:9100/...

Port number 9100 is appropriate for testing purposes. However, typical SSL implementations specify port 443 on a production computer running a web server such as IIS, Apache, or iPlanet.
4 Set the keyStore attribute to the directory containing your certificate. The variable {jrun.rootdir} corresponds to the directory cf_root\runtime\lib.
5 Set the keyStorePassword attribute to the password that you used when you created the certificate.
6 Save your changes to jrun.xml.
7 Restart ColdFusion MX.
Now make an SSL request through the built-in web server. To test it, open the ColdFusion MX Administrator using the following URL: https://localhost:9100/CFIDE/administrator/index.cfm.

You might be prompted to confirm that you are about to access a page over a secure connection.

The first time you access a page using SSL, you might see a security alert dialog box similar to the following one.

Since you created the certificate yourself, this alert notifies you that it was not issued by an authorized vendor. After you obtain a public certificate, this warning disappears.

Submit feedback about this tutorial.

To Table of Contents Back to Previous document