Railo SSL configuration
11 views
Skip to first unread message
Brian Caufield
Nov 19, 2015, 4:42:51 PM11/19/15
to cfu...@googlegroups.com
Hi Folks,
Does anyone have experience configuring an SSL access on Railo, the opensource CFML engine? My client wanted to avoid renewing their Coldfusion license so we are trying to move an existing site to this new Railo server running on Linux, Apache, Tomcat, MySQL stack.
Most everything works OK but I cannot get the Secure Cert that was exported from the old site setup properly on the new server.
I will pay your going rate if you can help - this is an emergency!
Thanks,
Brian Caufield
Pete Freitag
Nov 19, 2015, 6:39:50 PM11/19/15
to cfu...@googlegroups.com
Hi Brian
--
https://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - CFML Server Security Scanner
I have to run out for a bit but there are basically 2-3 files you need to make sure you have from the old server - the private key, the certificate and in most cases you also need the intermediate certificate chain. There are 3 Apache directives that are used to specify the path to these files in your httpd.conf
Also FYI Railo has been forked most people are using Lucee now instead.
--
You received this message because you are subscribed to the Google Groups "Central New York ColdFusion Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cfugcny+u...@googlegroups.com.
To post to this group, send email to cfu...@googlegroups.com.
Visit this group at http://groups.google.com/group/cfugcny.
For more options, visit https://groups.google.com/d/optout.
--
--
Pete Freitaghttps://foundeo.com/ - ColdFusion Consulting & Products
http://hackmycf.com - CFML Server Security Scanner
Brian Caufield
Nov 20, 2015, 8:43:59 AM11/20/15
to cfu...@googlegroups.com
Thanks Pete,
I have what I think are the correct files, I read somewhere that the Key may need to be translated when going from IIS to Apache do you know if that is the case?
I have also read that you need to setup the certificate on tomcat too - does that sound correct or is it one or the other? RIght now I have tried configuring both with no success (the secure connection would work intermittently but not reliably).
Thanks for the tip about Lucee, I will check it out but I am so far over my bid on this contract that I can't change the platform now.
Thanks in advance for your help and I am serious about paying to get this working if you have the time.
Brian Caufield
Pete Freitag
Nov 20, 2015, 9:03:08 AM11/20/15
to cfu...@googlegroups.com
Hi Brian - yes the private key needs to be converted when going from iis to Apache - here is a blog entry http://www.petefreitag.com/item/16.cfm (one of my first blog entries).
You do not need to install the cert on tomcat if they are both on the same server. You can let Apache handle the SSL and then let it just pass to tomcat.
Not sure if I would have any free time today to take a look but I will let you know if I do.
Brian Caufield
Nov 20, 2015, 9:32:03 AM11/20/15
to cfu...@googlegroups.com
Thanks Pete - I will do the conversion and let you know if that was the problem.
Brian Caufield
Nov 23, 2015, 3:12:31 PM11/23/15
to cfu...@googlegroups.com
Hi Pete,
I finally got the secure certificate installed properly - thanks for the tips. As it turns out, the core issue was that the apache ssl mod was not enabled properly. I assumed that if the ssl site config file was in "sites-enabled" folder, then ssl was setup, now I know that is not necessarily so.
If anyone has to wrestle with this again, here is the page that included the "a2enmod ssl" command that saved my butt:
Thanks again for all your help,
Brian Caufield
Reply all
Reply to author
Forward
0 new messages