You encrypt communication between ColdFusion and Flex by enabling Secure Sockets Layer (SSL). Enabling SSL only makes sense if you are running LiveCycle Data Services ES remotely. To use SSL, create a keystore file. The keystore is a self-signed certificate. (You do not require a certificate signed by a Certificate Authority, although if you do use one, you do not have to configure Flex as indicated in the following steps.) The information in the keystore is encrypted and can be accessed only with the password that you specify. To create the keystore, you use the Java keytool utility, which is included in your Java Runtime Environment (JRE). 
To enable SSL, you do the following:

  1. Create the keystore
  2. Configure Flex
  3. Enable SSL in the ColdFusion Administrator

Create the keystore

Generate the SSL server (ColdFusion) keystore file by using the keytool utility, with a command like the following:

keytool -genkey -v -alias FlexAssembler -dname "cn=FlexAssembler" -keystore cf.keystore -keypass mypassword -storepass mypassword

The following table describes the parameters of the keytool utility that you use:

Parameter

Description

-alias

The name of the keystore entry. You can use any name as long as you are consistent when referring to it.

-dname

The Distinguished Name, which contains the Common Name (cn) of the server.

-keystore

The location of the keystore file.

-keypass

The password for your private key.

-storepass

The password for the keystore. The encrypted storepass is stored in ColdFusion configuration files.

-rfc

Generates the certificate in the printable encoding format.

-file

The name of the keystore file.

-v

Generates detailed certificate information.

Next, you place the certificate that you created in the file that the JVM uses to decide what certificates to trust. The file in which you place the certificate (usually named cacerts), is located in the JRE, under the lib/security folder.

Configure Flex

  1. Export the keystore to a certificate by using the keytool utility, with a command like the following:

    keytool -export -v -alias FlexAssembler -keystore cf.keystore -rfc -file cf.cer

     

  2. Import the certificate into the JRE cacerts file for your server by using the keytool utility, with a command like the following:

    keytool -import -v -alias FlexAssembler -file cf.cer -keystore C:\fds2\UninstallerData\jre\lib\security\cacerts

    The previous example specifies the location of the keystore for LiveCycle Data Services ES with integrated JRun, installed using the default settings. If you are using a different server, specify the location of the cacerts file for the JRE that you are using. For example, if you are using JBoss, you specify the keystore location as $JAVA_HOME/jre/lib/security/cacerts.

Enable SSL in the ColdFusion Administrator

  1. In the ColdFusion Administrator, select Data & Services > Flex Integration, and specify the keystore file in the Full Path to Keystore text box.
  2. Specify the keystore password in the Keystore password text box.
  3. Select the Enable RMI over SSL for Data Management option, and then click Submit Changes.If you specify an invalid keystore file or password, ColdFusion does not enable SSL, and disables Flex Data Management Support.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy