ColdFusion / Flex / SSL Offloading

My company has recently purchased new web server load balancers, and part of our migration will be offloading SSL requests from the web servers to the load balancer itself, to make administration of SSL certificates easier.

We have several legacy Flex apps that connect over SSL. Unfortunately, the default installation of ColdFusion does not support SSL offloading for Flex apps. A Flex app attempts to connect to ColdFusion through SSL with a special Flex channel specifically for encrypted connections, cfamf-secure. Since we’re offloading SSL processing to the load balancer, CF thinks that it’s transferring data in plaintext. The special Flex channel requires an SSL connection, so CF throws an error when the Flex app attempts to connect because CF doesn’t know about the SSL offloading.

The solution is to modify a ColdFusion XML configuration file so that the encrypted channel doesn’t actually use the encrypted handler, but instead the plaintext one, since we’re handling SSL encryption on the load balancer: c:\ColdFusion10\cfusion\wwwroot\WEB-INF\flex\services-config.xml

You have to look for the following definition: <channel-definition id="my-cfamf-secure” ...>

Underneath it is an <endpoint ...> statement that defines the URL syntax for responding to requests. You have to change this property:




so that CF doesn’t require an encrypted connection. Then you restart the ColdFusion service, and it starts accepting requests. From what I can tell, the only difference between the two seems to be the SSL encryption requirement.