Migrating to CF9: trouble getting JRun working with SSL
I have a client on MX7 who wants to migrate to CF9. I have a dev environment
for them on my WinXP machine where I've configured MX7 to run with JRun's
built-in web server. I've had that working for a long time with both regular
and SSL connections.
I installed CF9 yesterday side-by-side with the existing MX7 install. The
install was smooth and detected MX7, adjusted CF9's port numbers for no
conflict, etc. Testing started well: MX7 over regular and SSL still worked and
CF9 worked over regular HTTP. But I can't get CF9 to work with SSL. I installed
a new certificate with keytool, FireFox (v3.6) complained about it being
unsigned, I added it to the exception list, and now I get this:
Secure Connection Failed
An error occurred during a connection to localhost:9101.
Peer reports it experienced an internal error.
(Error code: ssl_error_internal_error_alert)
I've been Googling that in all variations but can't find much help to get past
this. I don't see any info in any log files either. FWIW, here's my SSL config
from SERVER-INF/jrun.xml:
service class=jrun.servlet.http.SSLService name=SSLService
attribute name=enabledtrue/attribute
attribute name=interface*/attribute
attribute name=port9101/attribute
attribute name=keyStore{jrun.rootdir}/lib/mykey/attribute
attribute name=keyStorePassword*deleted*/attribute
attribute name=trustStore{jrun.rootdir}/lib/trustStore/attribute
attribute
name=socketFactoryNamejrun.servlet.http.JRunSSLServerSocketFactory/attribute
attribute name=deactivatedfalse/attribute
attribute name=bindAddress*/attribute
attribute name=clientAuthfalse/attribute
/service
Anyone here know of any issues re setting up SSL and CF9? Anyone had success
with it?
Dave
~|
Want to reach the ColdFusion community with something they want? Let them know
on the House of Fusion mailing lists
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331384
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Migrating to CF9: trouble getting JRun working with SSL
I installed CF9 yesterday side-by-side with the existing MX7 install. The install was smooth and detected MX7, adjusted CF9's port numbers for no conflict, etc. Testing started well: MX7 over regular and SSL still worked and CF9 worked over regular HTTP. But I can't get CF9 to work with SSL. I installed a new certificate with keytool, FireFox (v3.6) complained about it being unsigned, I added it to the exception list, and now I get this: Secure Connection Failed An error occurred during a connection to localhost:9101. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert) This might be a stupid question, but is there a reason why you're configuring the JRun web server for SSL instead of just using, say, Apache? Because that's the approach I'd recommend. I realize that's not much of an answer. What's in your JRun log files? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331386 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Migrating to CF9: trouble getting JRun working with SSL
This might be a stupid question, but is there a reason why you're configuring the JRun web server for SSL instead of just using, say, Apache? Because that's the approach I'd recommend. Mainly for simplicity. So far I've gotten the job done without installing extra software I have to configure. It's worked so far. I don't see why it can't be made to work again. Famous last words maybe. I realize that's not much of an answer. What's in your JRun log files? I've looked through all .log files in my CF9 install dir but don't see anything interesting. I may not know what to look for. Do you know which file JRun might log errors to? Dave ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331387 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Migrating to CF9: trouble getting JRun working with SSL
I've looked through all .log files in my CF9 install dir but don't see anything interesting. I may not know what to look for. Do you know which file JRun might log errors to? I would have assumed it would go to the JRun -event.log or -out.log files, but it may not get logged at all by default. This URL I found indicates that you can enable additional logging for various things in JRun, although I didn't see a specific mention of logging JRun's own web server: http://livedocs.adobe.com/jrun/4/JRun_Administrators_Guide/netmon2.htm Good luck! Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331388 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
