SSL setup question

Michael_Wood · November 6, 2015, 3:43am

I’ve installed Lucee on Amazon Linux. I’m using Tomcat as the web server
since for our purpose we only need the one default website.

Now I’m trying to install an SSL cert. I see that Lucee installs Tomcat 8.
So I can install the SSL cert in that Tomcat.

BUT I see “Services - SSL Certificates” in the Lucee Server Admin. It
doesn’t seem to allow me to install a certificate. What is that for?

Mike

scottadamsmith · November 6, 2015, 4:58am

That is for installing the cert of any external domains you might need to request via CFHTTP from within your application.On November 5, 2015 at 9:43:34 PM CST, Michael Wood <@Michael_Wood> wrote:I’ve installed Lucee on Amazon Linux. I’m using Tomcat as the web server since for our purpose we only need the one default website. Now I’m trying to install an SSL cert. I see that Lucee installs Tomcat 8. So I can install the SSL cert in that Tomcat. BUT I see “Services - SSL Certificates” in the Lucee Server Admin. It doesn’t seem to allow me to install a certificate. What is that for? Mike – Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html — You received this message because you are subscribed to the Google Groups “Lucee” group. To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com. To post to this group, send email to lucee@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/14cb2389-52b1-4828-86a5-4c85562877af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.

zendata · April 8, 2018, 8:20am

Michael - did you ever get it going?
I want to install SSL cert on Lucee for an Azure Ubuntu VM

Zackster · April 8, 2018, 1:34pm

the admin ssl stuff is only for enabling lucee connections to ssl services using untrusted certificates, the admin page text it needs to be improved

lucee and tomcat don’t need ssl, you set that up with your webserver

zendata · April 9, 2018, 1:52am

Thans for that info Zac. Perhaps that is why I have been struggling, I thought that with a standard Lucee install Tomcat was the default web server and that the local Ubuntu copy of Apache was not used - therefore requiring Tomcat to have my SSL cert installed.
I edited the “/opt/lucee/tomcat/conf/server.xml” file and changed “<Connector port=“8080” protocol=“HTTP/1.1”…” to “80” instead of “8888” and in
the “/etc/httpd/conf/httpd.conf” file I changed “Listen 80” to “Listen 8087” (to make Apache not listen to port 80 traffic)
Have I screwed up here and should I be using Apache instead?

Michael_Wood · April 9, 2018, 3:01am

As Zac says, I learned that the SSL option in the Lucee admin is for some sort of inter-server communication setup.

For SSL to your server you need to figure out how to get and install certificates in your web server (Apache, Nginx, TomCat or IIS).

I had a small server running Lucee with TomCat. It seemed to work pretty well but seemed somewhat limited especially with regard to multi-hosting. There are no doubt people who could do that blind folded.

Apache seems well suited to acting as the front end web server for Lucee. It’s vastly configurable and there’s quite a lot of support online for Apache. I found many articles on how to setup SSL to work with it.

I find Lucee with Nginx to be easy to setup and configure. It seems to perform very well. Also you can skip mod_cfml during Lucee installation (not needed). August Kleimo posts on Lucee with Nginx were super helpful.

With regard to your specific question I did get SSL working on each type of web server except TomCat. My current Favorite stack is Lucee/Nginx on a small AWS ec2 Linux instance. I put Elastic Load Balancing in front of the instance to get fail-over and auto scaling. Its quite inexpensive and powerful. I connect AWS Certificate service to ELB so I don’t need to install cert(s) on the server(s).

I know I ranged wide in my response but you never know what someone might find helpful.

Zackster · April 9, 2018, 12:41pm

i’ve filed a bug about improving the admin description of the ssl cettificates section
https://luceeserver.atlassian.net/browse/LDEV-1790

Andy_Urban · February 28, 2019, 7:07pm

I have attempted to add 3rd party certs through the SSL interface. I click install and it shows the cert details. If I restart Lucee then return to the SSL Certificates screen, my cert is no longer displaying. Not certain how to troubleshoot