How to configure ColdFusion WebSocket service over SSL

In this blog, I will discuss how to configure the ColdFusion WebSocket service over SSL using a self-signed certificate created with keytool. If you are using a self-signed certificate to configure WebSocket over SSL, then the ColdFusion server should also be running over SSL. I will explain it with the help of a simple example.

NOTE: This feature was introduced in ColdFusion 11.

To configure the ColdFusion server over SSL, follow these steps:

1. Create Keystore:
keytool -genkey -keyalg RSA -keystore C:\websocket.crt -storepass changeit -alias wss -keypass changeit -validity 365

The keystore contains the private key and certificate. The supported certificate types are JKS (Java Keystore) and PKCS12.

2. Configure ColdFusion to run over SSL:

a. Uncomment the following section in the server.xml file available at <cf_install_root>/cfusion/runtime/conf:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
b. Change the value of the "protocol" attribute from "HTTP/1.1" to "org.apache.coyote.http11.Http11NioProtocol" in the Connector tag.
c. Add these attributes to the above-mentioned tag:
i. keystoreFile
ii. keystorePass
d. After adding these attributes, it should look like:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\websocket.crt" keystorePass="changeit"/>
e. Save Changes.
f. Restart ColdFusion service.
g. Access ColdFusion administrator console using the following URL: https://127.0.0.1:8443/CFIDE/administrator/index.cfm

3. Configure Websocket to run over SSL:
a. Access ColdFusion administrator console.
b. Navigate to ColdFusion Administrator > Server Settings > WebSocket.
c. Check “SSL Port” checkbox.
d. Enter the keystore location and password (created in step 1, Create Keystore).
e. Submit Changes.
f. Restart ColdFusion service.

4. Create a sample CFML template to verify the configuration.

Application.cfc

component
{
    this.name = "sample";
    this.wschannels = [{name="demo"}];
}

Index.cfm

<html>
<head>
<title>Websocket Example</title>
<script>
// Message handler: receives all the messages from the WebSocket
function mycbHandler(messageobj)
{
    var message = ColdFusion.JSON.encode(messageobj);
    var txt = document.getElementById("myDiv");
    // Append as text, not HTML, so message content cannot inject markup
    txt.appendChild(document.createTextNode(message));
    txt.appendChild(document.createElement("br"));
}
//openhandler is invoked when socket connection is
function openHandler()
{
    var txt = document.getElementById("myDiv");
    txt.innerHTML += "open Handler invoked <br>";
}
</script>
</head>
<cfwebsocket name="mywsobj" onMessage="mycbHandler" subscribeTo="demo" onOpen="openHandler" secure="true"/>
<div id="myDiv"></div>
</html>


5. Try to access this CFML template using ColdFusion over the SSL port using the Chrome web browser or any other browser with debugging capability.

6. In my case, it is Google Chrome. Press F12 and navigate to the Network section to check whether the WebSocket request is being served over SSL or not.





Please leave your comments and queries about this post in the comment sections in order for me to improve my skills.

How to configure JVisualVM with ColdFusion


Java VisualVM is a powerful tool which is used to monitor and improve the application performance. It allows users to generate and analyze heap dumps, track down memory leaks, perform and monitor garbage collection. It also provides functionality offered by jmap, jinfo, jstat and jstack. If it is required, JConsole can also be integrated with JVisualVM which I discussed in my previous blog.

JVisualVM tool is shipped as part of Java Development Kit. It is located at <JDK_Home>\bin.

We can also utilize this powerful tool with ColdFusion to troubleshoot memory leaks and performance issues.

To configure JVisualVM with ColdFusion, we need to append the following JVM flags to the “java.args” section in the “jvm.config” file.

  • -Dcom.sun.management.jmxremote 
  • -Dcom.sun.management.jmxremote.port=<port_number>
  • -Dcom.sun.management.jmxremote.authenticate=false
  • -Dcom.sun.management.jmxremote.ssl=false

In ColdFusion 10, “jvm.config” file is located at <cf_install_root>\<instance_name>\bin.

In ColdFusion 9, “jvm.config” file is located at <cf_install_root>\runtime\bin [Standalone installation] or <jrun_root>\bin [Multi-Server installation].

After appending these JVM flags, save changes and restart ColdFusion server.

Your ColdFusion server is now configured, and you can launch the JVisualVM utility to monitor the performance and resource consumption.

JVisualVM need not run on the same box where the ColdFusion server is installed.



Please leave your comments and queries about this post in the comment sections in order for me to improve my writing skills and to showcase more useful posts.

How to configure JConsole with ColdFusion

JConsole is a monitoring tool which we can use to gather information about the performance and resource consumption of applications (local as well as remote) running on the Java platform.

JConsole monitoring tool is shipped as part of Java Development Kit. It is located at <JDK_Home>\bin.

To configure JConsole with ColdFusion, we need to append below mentioned JVM flags to the “java.args” section in the “jvm.config” file:

  • -Dcom.sun.management.jmxremote 
  • -Dcom.sun.management.jmxremote.port=<port_number>
  • -Dcom.sun.management.jmxremote.authenticate=false

In ColdFusion 10, “jvm.config” file is located at <cf_install_root>\<instance_name>\bin.

In ColdFusion 9, “jvm.config” file is located at <cf_install_root>\runtime\bin [Standalone installation] or <jrun_root>\bin [Multi-Server installation].

After appending these JVM flags, save changes and restart ColdFusion server.

Now, your ColdFusion server is configured to be accessed by JConsole utility to monitor the performance and resource consumption.

Launch the JConsole tool and mention : under Remote Process to start monitoring the ColdFusion server. JConsole need not run on the box where the ColdFusion server is installed.

Refer to this article on how to use the JConsole tool.
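
The flags in this post and in the JVisualVM post above set authenticate=false (and, in the JVisualVM post, ssl=false), so anyone who can reach the JMX port gets management access to the JVM without logging in. The following is an added example, not code from the original posts, that audits a java.args line for those settings; the port 9010 and the password-file path are constructed placeholders.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (not from the original posts): flag remote JMX settings in a
// java.args line that leave the management port open without login or TLS.
public class JmxArgsAudit {
    static final String PREFIX = "-Dcom.sun.management.jmxremote";

    static List<String> audit(String javaArgs) {
        // Collect every jmxremote property, keyed by its suffix (".port", ".ssl", ...)
        Map<String, String> jmx = new LinkedHashMap<>();
        for (String token : javaArgs.trim().split("\\s+")) {
            if (!token.startsWith(PREFIX)) continue;
            String[] kv = token.substring(PREFIX.length()).split("=", 2);
            jmx.put(kv[0], kv.length == 2 ? kv[1] : "");
        }

        List<String> findings = new ArrayList<>();
        if (!jmx.containsKey(".port")) {
            return findings; // no remote JMX listener requested
        }
        // Both properties default to true when they are not given.
        if ("false".equalsIgnoreCase(jmx.getOrDefault(".authenticate", "true"))) {
            findings.add("port " + jmx.get(".port") + ": authentication disabled");
        }
        if ("false".equalsIgnoreCase(jmx.getOrDefault(".ssl", "true"))) {
            findings.add("port " + jmx.get(".port") + ": SSL disabled");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed samples: the flags from the posts, then a hardened variant.
        String fromPost = PREFIX + " " + PREFIX + ".port=9010 "
                + PREFIX + ".authenticate=false " + PREFIX + ".ssl=false";
        String hardened = PREFIX + " " + PREFIX + ".port=9010 "
                + PREFIX + ".authenticate=true " + PREFIX + ".ssl=true "
                + PREFIX + ".password.file=/path/to/jmxremote.password";
        System.out.println("from post: " + audit(fromPost));
        System.out.println("hardened:  " + audit(hardened));
    }
}
```

With ssl=true the JVM also needs a keystore supplied through -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword, and the password file must be readable only by the account that runs the server.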



No available certificate or key corresponds to the SSL cipher suites which are enabled

I recently experienced this issue with my server, so in order to understand exactly how socket communication happens over SSL in Java, I wrote a simple chat utility where messages are exchanged between client and server over SSL. First, I will show you how it works, and then I will explain the cause of this issue.

I have divided this task into four simple steps:

  • Create a keystore.
  • Create a server which is listening on port 9443.
  • Create a client which will communicate to the server on port 9443.
  • How to run Server and Client using SSL certificate.

 Prerequisites:
 JDK should be installed.

 1. Create a keystore

     Create a self-signed certificate using Keytool.

keytool -genkey -keyalg RSA -keystore searchyourqueries.crt -storepass password -alias searchyourqueries -keypass password -validity 3650


After executing this command you will have a certificate named “searchyourqueries.crt”.

2. Create a server which is listening on port 9443.

import javax.net.ssl.*;
import java.io.*;
public class Server
{
    public static void main(String args[])
    {
        try
        {
            // The default factory takes its key material from the javax.net.ssl.keyStore system properties
            SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(9443);
            // Block until a client connects
            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

            InputStream is = sslsocket.getInputStream();
            InputStreamReader isr = new InputStreamReader(is);
            BufferedReader br = new BufferedReader(isr);

            // Print every line the client sends
            String str = null;
            while ((str = br.readLine()) != null)
            {
                System.out.println(str);
                System.out.flush();
            }
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }
}


Compile Server.java using: javac Server.java 

3. Create a client which will communicate to the server on port 9443.

import javax.net.ssl.*;
import java.io.*;
public class Client
{
    public static void main(String args[])
    {
        try
        {
            // The default factory validates the server against the javax.net.ssl.trustStore system properties
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", 9443);

            InputStreamReader isr = new InputStreamReader(System.in);
            BufferedReader br = new BufferedReader(isr);

            OutputStream os = sslsocket.getOutputStream();
            PrintWriter pw = new PrintWriter(os, true);

            // Send every line typed on the console to the server
            String str = null;
            while ((str = br.readLine()) != null)
            {
                pw.write(str + '\n');
                pw.flush();
            }
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
    }
}
 
Compile Client.java using: javac Client.java

4. How to run Server and Client using SSL certificate.      

Firstly, place the certificate which is created in Step 1 at the same location where we have our class files.

Now we need to start the Server using this certificate:

java -Djavax.net.ssl.keyStore=searchyourqueries.crt -Djavax.net.ssl.keyStorePassword=password Server

If we do not provide certificate information using the -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword switches to start the server, then it will raise an error shown below:

Then start the Client using the same certificate:

java -Djavax.net.ssl.trustStore=searchyourqueries.crt -Djavax.net.ssl.trustStorePassword=password Client

Now your Server and Client are ready to communicate over secure channel.


How to check RAM size on Solaris

If you want to check the RAM size on your Solaris operating system, you can use the command given below:

prtconf | head -3 | grep Mem

prtconf command is used to print system configuration.

Note: If you are getting following error while using this command:

prtconf: not found

then you may need to set PATH environment variable:

export PATH=$PATH:/usr/sbin

How to configure Jetty on HTTPS

This is the simplest way to configure SSL on Jetty. I will demonstrate this using a self-signed certificate which is created using “keytool” utility shipped with JDK or JRE.

Prerequisites:

1. Jetty should be installed.  

To configure the Jetty web server on HTTPS, follow the steps below:

Step 1:

Create a self-signed certificate using keytool.


keytool -genkey -keyalg RSA -keystore jetty.crt -storepass password -alias jetty -keypass password -validity 3650

Step 2:


Move jetty.crt file to {Jetty_Home} i.e. {install_root}\jetty-6.1.20


Step 3:


Edit jetty.xml located at {install_root}\jetty-6.1.20\etc and add the block given below:

8443
30000
\jetty.crt
password
password
\jetty.crt
password


Step 4:


Save jetty.xml.


Step 5:


Restart Jetty web server.


Step 6:


Try to access URL:  https://localhost:8443


And then, you are good to go.