How to configure ColdFusion WebSocket service over SSL

In this blog, I will discuss how to configure ColdFusion WebSocket service over SSL using self-signed certificate created using keytool. If you are using self-signed certificate to configure WebSocket over SSL, then ColdFusion server should also be running over SSL. I will be explaining it with the help of simple example.

NOTE: This feature is introduced in ColdFusion 11. 

To configure ColdFusion server over SSL follow below mentioned steps:

1. Create Keystore:
keytool -genkey -keyalg RSA -keystore C:\websocket.crt -storepass changeit -alias wss -keypass changeit -validity 365

Keystore contains the private key and certificate. The supported certificate type are JKS(Java Keystore) and pkcs12.
2. Configure ColdFusion to run over SSL:

a. Uncomment “<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”  maxThreads=”150″ scheme=”https” secure=”true”   clientAuth=”false” sslProtocol=”TLS” />” this section in server.xml file available at <cf_install_root>/cfusion/runtime/conf.
b. Change value of “Protocol” attribute from “HTTP/1.1” to “org.apache.coyote.http11.Http11NioProtocol” in the Connector tag.
c. Add these attributes to above mentioned tag:
i. keystoreFile
ii. keystorePass
d. After adding these attributes, it should look like: “<Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11NioProtocol” SSLEnabled=”true”  maxThreads=”150″ scheme=”https” secure=”true”   clientAuth=”false” sslProtocol=”TLS” keystoreFile=”C:\websocket.crt” keystorePass=”changeit”/>
e. Save Changes.
f. Restart ColdFusion service.
g. Access ColdFusion administrator console using the following URL: https://127.0.0.1:8443/CFIDE/administrator/index.cfm

3. Configure Websocket to run over SSL:
a. Access ColdFusion administrator console.
b. Navigate to ColdFusion Administrator > Server Settings > WebSocket.
c. Check “SSL Port” checkbox.
d. Enter keystore location and password [which we created in step #1 Create Keystore ].
e. Submit Changes.
f. Restart ColdFusion service.

4. Create a sample CFML template to verify the configuration.

Application.cfc

component
{
this.name = “sample”;
this.wschannels = [{name=”demo”}];
}

Index.cfm

<html>
<head>
<title>Websocket Example</title>
<script>
//messagehandler recieves all the messages from websocket
function mycbHandler( messageobj)
{
var message = ColdFusion.JSON.encode(messageobj);
var txt=document.getElementById(“myDiv”);
txt.innerHTML +=message  +”<br>”;
}//openhandler is invoked when socket connection is
function openHandler()
{
var txt=document.getElementById(“myDiv”);
txt.innerHTML +=”open Handler invoked <br>”;
}
</script>
</head>
<cfwebsocket name=”mywsobj” onMessage=”mycbHandler” subscribeTo=”demo” onOpen=”openHandler” secure=”true”/>
<div id=”myDiv”></div>
</html>


5
. Try to access this CFML template using ColdFusion over SSL port using Chrome web browser or any other browser with debugging capability.

6
. In my case, it is Google chrome.  Press F12 and navigate to the Network section to check whether websocket request is being served over SSL or not.





Please leave your comments and queries about this post in the comment sections in order for me to improvise my skills.
Advertisements

Author: Nimit Sharma

Hey I am Nimit Sharma, Working as a Lead Software Engineer. I am willing to learn new concepts and technologies. All content here are my personal views and not those of my employer.

1 thought on “How to configure ColdFusion WebSocket service over SSL”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s