CF2016 securing CFIDE/administrator with TLS

-

hello community!

 

   began working on poc cf2016 , little shocked learn defacto method of getting /cfide/administrator via localhost through ssh tunneling (per lockdown pdf).

 

   out of box alternative ssh tunneling punch hole in firewall port 8500.  security damned!

 

   both of these methods unacceptable (seriously adobe!).  began 2 day deep dive flawed java product.

 

   in stead of boring 14 hour deep dive didn't work - here did work :

 

prereqs :

rhel 7 x64 minimum install

coldfusion2016 enterprise edition patched 2016.0.02.299200

tomcat version 8.0.32.0

java jre server 1.8.0_102

firewalld rule 8443/tcp allowed devops team

 

steps :

1. download latest jre 8 server edition /opt/coldfusion2016/   (update cf jvm path match i.e. /opt/coldfusion2016/jdk1.8.0_102/jre/ )

 

2. download , deploy unlimited strength jurisdiction policy files

 

3. generate self signed cert using new jre

sudo /opt/coldfusion2016/jdk1.8.0_102/jre/bin/keytool -genkey -keyalg rsa -alias test -keystore /etc/ssl/certs/keystore.jks -storepass yourpass -validity 1825 -keysize 2048

 

4. setup tomcat connector limited cipher list (no elliptic curves) in /opt/coldfusion2016/cfusion/runtime/conf/server.xml

<connector port="8443" protocol="org.apache.coyote.http11.http11nio2protocol"

               maxthreads="150" sslenabled="true" scheme="https" secure="true"

               clientauth="false"

               keyalias="test"

               keystorefile="/etc/ssl/certs/keystore.jks"

               keystorepass="yourpass"

               sslenabledprotocols="tlsv1,tlsv1.1,tlsv1.2"

               useserverciphersuiteorder="true"

               ciphers="tls_rsa_with_aes_128_cbc_sha256,tls_rsa_with_aes_128_cbc_sha,

                        tls_rsa_with_aes_256_cbc_sha256,tls_rsa_with_aes_256_cbc_sha,

                        ssl_rsa_with_rc4_128_sha" />

 

5. restart coldfusion

sudo service coldfusion_2016 restart

 

6. continue on merry way!

 

adobe cf dev team - if reading - please deploy encryption tomcat dedicated server administering cf.  perhaps self signed cert option during install wizard after choosing deploy server secure profile etc...  or - update lockdown cf guide include working method (see above) secure dedicated server...

amen!

 

this post should pinned!



More discussions in ColdFusion


adobe

Comments

Post a Comment

Popular posts from this blog

Why is os_ViewContainer running?

-
when open illustrator (cc) opens window os_viewcontainer cannot view or close. shows in taskbar second window illustrator when mousing on ai icon. have tried select no luck. have tried clear using red x, no luck. close when close illustrator. wondering why there , if should concerned. oh, running windows 10. hi ccsachs,   as per query when launch illustrator opens " os_viewcontainer "   i request please share screenshots along below-mentioned details:   exact version of illustrator  graphic card using , when updated last time how performs in safe mode? ( https://support.microsoft.com/en-in/help/12376/windows-10-start-your-pc-in-safe-mode ) if works fine in safe mode please share antivirus using?   regards srishti More discussions in Illustrator adobe
Read more

Animate - problem with duplicating scripts after loop

-
hi all,   i have problem simple button script @ first frame. fine when timeline playing first time. after when timeline loops , stop again @ 0 frame button script fireing 2 times, when loops third time fireing 3 times etc...   here script:   this.stop(); exportroot.mc_cta.cursor = "pointer";   this.mc_cta.on("click", clickfunc.bind(this));   function clickfunc() {     console.log("clicked");     eb.useractioncounter("clicked");     exportroot.gotoandplay(1); }   anybody ideas? wrong?   thanks! kris use:   this.stop(); exportroot.mc_cta.cursor = "pointer";   if(!this.alreadyexecuted){ this.alreadyexecuted=true; this.mc_cta.on("click", clickfunc.bind(this));   function clickfunc() { console.log("clicked"); eb.useractioncounter("clicked"); exportroot.gotoandplay(1); } } More discussions in Adobe Animate CC - General adobe
Read more

Illustrator CS6 Ocurrío un error E/S en el archivo.

-
este error me me sale cada ves que guardo un archivo que ya estado trabajando varias veces, sale cuando ya esta finalizando el proceso de guardar, ya probe cambiar nombre del archivo, ubicación de guardado, convertí curvas las fuentes y sigue saliendo el mismo error, no se que mas hacer, si alguien le ha sucedido y sabe como solucionarlo por favor ayuda. versión exacta (acerca de illustrator) de illustrator? versión sistema operativo?   guardas en el disco duro principal del ordenador o en otro disco, memoria pendrive,...? ese disco que clase de disco, modelo, antiguedad, espacio libre,...? More discussions in Foro en español adobe
Read more