How to enable SSL for ColdFusion Administrator running on internal ColdFusion port.
For security reasons, we removed access to the Administrator through the external web server in CF 2016. You can access the Administrator only through the internal Tomcat web server, on a port in the 8500 series.
Naturally, some users want to secure the Administrator and enable SSL for it.
Follow the instructions below to enable SSL for Tomcat/ColdFusion:
- Generate a keystore, preferably of type PKCS12.
- Import your certificate into the keystore. Make sure you also import the private key and have the correct key pair.
- Once the keystore is ready, open server.xml, located in [ColdFusion Home]\cfusion\runtime\conf
- Add/uncomment the below lines:
<Connector port="your coldfusion over SSL port" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" sslProtocol="TLS" keystorePass="password for your keystore" keystoreFile="location for your keystore"/>
- Disable the normal connector port by commenting out the line:
<Connector executor="tomcatThreadPool" port="your coldfusion port" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8449" />
- Add the following flag to the java.args property in your jvm.config file:
-Dcom.sun.net.ssl.enableECC=false
- Restart the ColdFusion server
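One way to check the edited server.xml before restarting, as an added example (not code from the original post or from ColdFusion): a Python script that parses the file and reports any HTTP connector that is still active without SSL or that lacks its keystore attributes. The sample connectors are constructed; the AJP port 8016, the keystore path and the password are assumptions.

```python
import xml.etree.ElementTree as ET

def audit_connectors(server_xml_text):
    """Return findings for the HTTP connectors in a Tomcat server.xml.

    Commented-out connectors are skipped: the XML parser drops comments.
    """
    findings = []
    root = ET.fromstring(server_xml_text)
    # Tomcat treats a missing protocol attribute as HTTP/1.1; AJP is out of scope.
    http = [c for c in root.iter("Connector")
            if "AJP" not in c.get("protocol", "HTTP/1.1").upper()]
    tls = [c for c in http if c.get("SSLEnabled", "false").lower() == "true"]
    for c in http:
        port = c.get("port", "?")
        if c not in tls:
            findings.append(f"port {port}: plain HTTP connector is still active")
            continue
        if c.get("scheme") != "https" or c.get("secure", "").lower() != "true":
            findings.append(f"port {port}: scheme/secure do not mark it as HTTPS")
        for attr in ("keystoreFile", "keystorePass"):
            if not c.get(attr):
                findings.append(f"port {port}: {attr} is missing")
    if not tls:
        findings.append('no connector with SSLEnabled="true" found')
    return findings

# Constructed samples: ports 8500 and 8449 follow the page, the rest is made up.
AJP = '<Connector port="8016" protocol="AJP/1.3" redirectPort="8449"/>'
PLAIN = ('<Connector executor="tomcatThreadPool" port="8500" protocol="HTTP/1.1" '
         'connectionTimeout="20000" redirectPort="8449"/>')
SSL = ('<Connector port="8449" protocol="HTTP/1.1" SSLEnabled="true" '
       'maxThreads="150" scheme="https" secure="true" sslProtocol="TLS" '
       'keystorePass="sample-password" keystoreFile="/opt/sample/cf.p12"/>')
WRAP = '<Server><Service name="Catalina">{}</Service></Server>'

BEFORE = WRAP.format(PLAIN + AJP)                          # untouched file
AFTER = WRAP.format("<!-- " + PLAIN + " -->" + SSL + AJP)  # steps applied

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_connectors(text) or "OK")
```

To audit a real installation, pass the contents of the server.xml from the conf directory named above to `audit_connectors`.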
You may see some issues related to TLS. Ensure that TLS 1.0, 1.1 and 1.2 are enabled in the browser. You might also see a “no cipher suites in common” error for self-signed certificates. Ensure that both the public and private keys of the key pair are imported into the keystore.