0

I have a client on MX7 who wants to migrate to CF9. I have a dev environment for them on my WinXP machine where I've configured MX7 to run with JRun's built-in web server. I've had that working for a long time with both regular and SSL connections.

I installed CF9 yesterday side-by-side with the existing MX7 install to start testing. The install was smooth and detected MX7, adjusted CF9's port numbers for no conflict, etc. Testing started well: MX7 over regular and SSL still worked and CF9 worked over regular HTTP. But I can't get CF9 to work with SSL. I installed a new certificate with keytool, FireFox (v3.6) complained about it being unsigned, I added it to the exception list, and now I get this:

Secure Connection Failed
An error occurred during a connection to localhost:9101.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert)

I've been Googling that in all variations but can't find much help to get past this. I don't see any info in any log files either. FWIW, here's my SSL config from SERVER-INF/jrun.xml:

<service class="jrun.servlet.http.SSLService" name="SSLService">
  <attribute name="enabled">true</attribute>`
  <attribute name="interface">*</attribute>
  <attribute name="port">9101</attribute>
  <attribute name="keyStore">{jrun.rootdir}/lib/mykey</attribute>
  <attribute name="keyStorePassword">*deleted*</attribute>
  <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
  <attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</attribute>
  <attribute name="deactivated">false</attribute>
  <attribute name="bindAddress">*</attribute>
  <attribute name="clientAuth">false</attribute>
</service>

Anyone here know of any issues re setting up SSL and CF9? Anyone had success with it?

Dave

DaveBurns
  • 205
  • 1
  • 3
  • 7

2 Answers2

1

You have to add the following to the java.args in the jvm.config file:

-Dcoldfusion.disablejsafe=true

After this, the built-in Webserver of ColdFusion 9 will accept the SSL request on Port 9100.

Jenny D
  • 27,358
  • 21
  • 74
  • 110
Marco Betschart
  • 26
  • 1
0

Dave, when you say "I don't see any info in any log files either", can you clarify if you mean the [cf]/logs? They may not be helpful for this. Or do you mean you HAVE checked the [cf]\runtime\logs (or [jrun]\logs)? Those may be more valuable for info on this kind of problem. Might help to hear what they say (if they say anything) before folks start guessing at possible solutions for you.

charlie arehart
  • 195
  • 2
  • 9
  • I've looked through all .log files under my CF9 install's root dir. Even the runtime\logs although I know the problem is at a different level in the stack. The logs I'm looking at mainly are in my CF/logs dir: application.log, exception.log, etc. The relevant one seems to be server.log but the strings 'ssl' and 'error' appear nowhere in it (I've also looked through it manually of course). Someone on another list pointed me to the JRun logging doc so I'll experiment with some settings there. If anyone has clues to what I should look for and where, I'm all ears. Thanks. – DaveBurns Mar 07 '10 at 15:51