/
ColdFusion - Enabling SSL Communication

ColdFusion - Enabling SSL Communication

Owned by Cecilia Do
Last updated: Oct 15, 2008 by Neil Matatall Version comment

ColdFusion utilizes the Java keystore to determine whether to trust a certificate or not. By default, the keystore contains the common trusted Certificate Authorities (i.e. VeriSign and GeoTrust). However, there may be cases where a ColdFusion server needs to communicate over SSL with a server that does NOT have a CA-signed certificate (i.e. a self-signed cert). This page describes how to setup ColdFusion to establish a one-way trusted communication from a ColdFusion client to a server that has a non-trusted certificate.

The ColdFusion server needs to be configured to trust and accept the server certificate. The trust can be achieved by importing either the server certificate or the CA root certificate into the Java trusted keystore used by ColdFusion.

The default Java trusted keystore is called "cacerts", which is located in the <java_home>/jre/lib/security/ directory. Make sure that you are accessing the Java home directory used by ColdFusion.  Next, see how to import a certificate into a Java keystore.

After adding the certificate, the ColdFusion service will need to be restarted.