In this blog, we’ll walk through the process of enabling SSL for ColdFusion WebSocket communication. Whether you’re using a self-signed certificate or a CA-signed certificate, the steps are straightforward. We’ll cover both scenarios

If you are using a self-signed certificate, your ColdFusion server must also be running over SSL.

Create a Self-Signed Certificate:

You can generate a self-signed certificate using the keytool utility bundled with Java. This certificate will enable SSL in ColdFusion. Navigate to the JRE bin directory in your ColdFusion installation -C:\ColdFusion2023\jre\bin and run the following command:

keytool -genkey -keyalg RSA -storetype PKCS12 -keystore C:\websocket.p12 -storepass changeit -alias wss -keypass changeit -validity 365 -dname “CN=hostname, OU=Test, O=MyCompany, L=MyCity, S=MyState, C=US”

Note:

• Update the -dname values (CN, OU, O, etc.) according to your organization’s details.
• The keystore contains both the private key and certificate.
• ColdFusion supports both JKS (Java Keystore) and PKCS12 formats.

In ColdFusion 2025, you can easily generate a self-signed SSL certificate and enable HTTPS directly through the ColdFusion Administrator Console using the built-in SSL Certificate feature.

Configure the ColdFusion Admin Console to Run Over SSL:

After creating the SSL certificate, the next step is to enable the ColdFusion server to accept HTTPS connections. This is done by modifying the server.xml configuration file.

The server.xml file is located at \ColdFusion2023\cfusion\runtime\conf folder.

        <Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11NioProtocol”

           SSLEnabled=”true”

           scheme=”https” secure=”true” clientAuth=”false”

           keystoreFile=”C:\websocket.p12″

           keystorePass=”changeit”

           keyAlias=”wss”

           sslProtocol=”TLS”

           maxThreads=”200″ />

Note: In ColdFusion 2025, this connector configuration is automatically added by ColdFusion when you enable SSL through the Administrator Console using the built-in SSL Certificate feature.

Restart the ColdFusion service for the changes to take effect. Once restarted, access the ColdFusion Administrator securely at: https://hostname:8443/CFIDE/administrator/index.cfm

Configure SSL Settings in the ColdFusion Administrator Console:

Log in to the ColdFusion Administrator console, go to Server Settings > WebSocket.

In the WebSocket configuration screen:

• Uncheck the box for Enable HTTP Port (if it’s checked).
• Check the box for Enable SSL Port.
• Set the Keystore Path to: C:\websocket.p12
• Enter the Keystore Password: changeit      

Click Submit Changes to save the configuration. Restart the ColdFusion service once more to ensure all settings are applied.    

Restart the ColdFusion service and run the sample code(WebSocket-sample-code) with HTTPS. To verify that the WebSocket is running over SSL, press F12 to open the browser’s Developer Tools, then navigate to the Network tab. Look for the WebSocket request and confirm that it is using the wss:// protocol, which indicates a secure (SSL) connection.

Configuring a CA-Signed Certificate:

In most cases, a CA-signed certificate is preferred over a self-signed certificate due to its enhanced security and trusted validation. These certificates are typically configured at the web server level, such as with Apache or IIS. To enable SSL for WebSocket communication in ColdFusion, convert the CA-signed certificate to either JKS or PKCS12 format. Then, in the ColdFusion Administrator Console, navigate to Server Settings > WebSocket and configure the SSL settings as outlined above.