We have removed administrator access from external web server for ColdFusion (2016 release) due to security reasons. You can access the administrator only from the internal Tomcat web server port 8500 series.

Naturally, there are users who would want to make the administrator secure and enable SSL for the same.

Follow the instructions below to enable SSL for Tomcat/ColdFusion:

  1. Generate a keystore, preferably of type PKCS12.

  2. Import your certificate to the keystore. Make sure you also import the private key and have the correct key pair.

  3. Once the keystore is ready, open server.xml present in [ColdFusion Home]cfusion/runtime/conf. Add/uncomment the lines below,

    <Connector port=” your coldfusion over SSL port ” protocol=”HTTP/1.1″ SSLEnabled=”true” maxThreads=”150″ scheme=”https” secure=”true” sslProtocol=”TLS” keystorePass=”password for your keystore” keystoreFile=”location for your keystore”/>

  4. Disable the normal connector port by commenting the line,

    <Connector executor=”tomcatThreadPool” port=”your coldfusion port” protocol=”HTTP/1.1″ connectionTimeout=”20000″ redirectPort=”8449″ />

  5. Include the following code in your jvm.config file,

    -Dcom.sun.net.ssl.enableECC=false” in java.args property

    Restart ColdFusion server.

You may see some issues related to TLS. Ensure that TLS 1.0, 1.1 and 1.2 are enabled on the browser. You might also see “no cipher suites in common” error for self-signed certificates.

Ensure that you have both public and private key pair imported into the keystore.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy