Adobe ColdFusion 8

Enabling SSL

You encrypt communication between ColdFusion and Flex by enabling Secure Sockets Layer (SSL). Enabling SSL only makes sense if you are running LiveCycle Data Services ES remotely. To use SSL, you must create a keystore file. The keystore is a self-signed certificate. (You do not require a certificate signed by a Certificate Authority, although if you do use one, you do not have to configure Flex as indicated in the following steps.) The information in the keystore is encrypted and can be accessed only with the password that you specify. To create the keystore, you use the Java keytool utility, which is included in your Java Runtime Environment (JRE).

To enable SSL, you do the following:

  • Create the keystore
  • Configure Flex
  • Enable SSL in the ColdFusion Administrator

Create the keystore

  1. Generate the SSL server (ColdFusion) keystore file by using the keytool utility, with a command similar to the following:
    keytool -genkey -v -alias FlexAssembler -dname "cn=FlexAssembler" -keystore cf.keystore -keypass mypassword -storepass mypassword

    The following table describes the parameters of the keytool utility that you use:

    Parameter

    Description

    -alias

    The name of the keystore entry. You can use any name for this, as long as you are consistent when referring to it.

    -dname

    The Distinguished Name, which contains the Common Name (cn) of the server.

    -keystore

    The location of the keystore file.

    -keypass

    The password for your private key.

    -storepass

    The password for the keystore. The encrypted storepass is stored in ColdFuison configuration files.

    -rfc

    Generates the certificate in the printable encoding format.

    -file

    The name of the keystore file.

    -v

    Generates detailed certificate information.

Next, you place the certificate that you created in the file that the JVM uses to decide what certificates to trust. The file in which you put the certificate, (usually named cacerts), is located in the JRE, under the lib/security folder.

Configure Flex

  1. Export the keystore to a certificate by using the keytool utility, with a command similar to the following:
    keytool -export -v -alias FlexAssembler -keystore cf.keystore -rfc -file cf.cer

  2. Import the certificate into the JRE cacerts file for your server by using the keytool utility, with a command similar to the following:
    keytool -import -v -alias FlexAssembler -file cf.cer -keystore C:\fds2\UninstallerData\jre\lib\security\cacerts

    The previous example specifies the location of the keystore for LiveCycle Data Services ES with integrated JRun, installed using the default settings. If you are using a different server, specify the location of the cacerts file for the JRE that you are using. For example, if you are using JBoss, you specify the keystore location as $JAVA_HOME/jre/lib/security/cacerts.

Enable SSL in the ColdFusion Administrator

  1. In the ColdFusion Administrator, select Data & Services > Flex Integration, and specify the keystore file in the Full Path to Keystore text box.
  2. Specify the keystore password in the Keystore password text box.
  3. Select the Enable RMI over SSL for Data Management option, and then click Submit Changes.

    If you specify an invalid keystore file or password, ColdFusion does not enable SSL, and disables Flex Data Management Support.