Hi everyone, I've an issue with WebSocket while using HTTPS port I created the websocket to send the push notification to the react app, it was working fine on the localhost and dev server HTTP (WS) port, but when test HTTPS(WSS) on the dev environment I had an issue like websocket failed, I've tried some of the configuration settings as well, like added the SSL certification on the cacerts, also added the wss port number 8553 on the server.xml file. But doesn't work, I'll add the screenshot below for reference. If anyone knows about the websocket config on https server apart from the above method, please let me know Thanks in advance.

Is it a self-signed cert? Or a public cert (purchased)? Is that port open on the server?

that was public certificate

Port open?

You mean this url right? wss://dev.nosongrequest.com:8553/

yes

it doesn't open, but I added the inbound rules for this port on the firewall

Also add outgoing for it

will add that and let you know

May need to dig into specific logs at this point, not certain what would be terminating or not allowing

is that any other config setting is available? because in initial loading it throws an error

Whats the error you get

image.png

Can you share any code you are attempting to make this connection?

image.png,image.png

And under your Cfadmin settings, your Websocket settings SSL Port is set /enabled as 8553?

yes it is

Its tough to debug but it seems like no connectivity is a failure at the server config setup; have you simply restarted CF server just to confirm settings are in place

Actually the SSL settings is enabled even after restarting the ColdFusion.

Your keystore settings etc also in place pointing to your keystore and pass for this? Is this running on IIS/Nginx or Tomcat? And is your ssl configured properly at those levels?

server is running on the IIS, I already added the keystone setting as well.

Version of CF?

@Vimal Raj can you share your WebSocket page from your cfadmin? Since you are specifying a port I can safely assume you are not using the proxy setup, which in my opinion is better.

@Patrick I've already added the connecter code on the server.xml as well, Here is my code, and I'm using the cf-2018 enterprise version.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"  keystorefile="C:/devnosongrequests.jks" keystorepass="changeit" clientAuth="false" sslProtocol="TLS" />

Ok, at a lower level -- have you tried connecting to the websocket port with a tool like openssl or telnet? At the very least it should open the connection for a few moments to let you know its alive from where your are trying to connect to it from. If it does not connect, it's going to be a firewall, port forwarding or other issue like that. If it does, then it's an issue with either ACF or your code.

@Vimal Raj since you’re on IIS, why don’t you just configure the proxy instead

Also, does the account that has permissions to run CF on the machine also have permission to that keystore file?

And to to be 100% certain following @Patrick question, is the password to the keystore valid. I know in your screenshot it is probably not the real one as it should not be, but make sure to enter it thru the admin. I would go as far as confirming that you can access the keystore w/ the password using keytool.

okay guys I'll try the above mentioned settings and let you know.