RE: [coldbox:13243] SSL Interceptor

Sounds like a plan. A cert on your local machine is a must if you want to really test SSL. A self-signed cert can be a bit of a pain since modern browsers totally freak out when they see them. Two options are you add a host file entry to use the production domain in development so you can re-use the cert on your dev server, or spring for a wildcard cert. They are more expensive (about $700) but allow you to secure * We do that and install it on our local, dev, test, stage, product, you-name-it environments. We also use multiple sub-domains in production, so its kind of a requirement for us anyway.



That is a good idea, I will just use the domain name and re use the cert I already have setup, thanks for the suggestions!

So can i just do something like this then?

component extends=“coldbox.system.beans.requestContextDecorator” {

public void function configure(){


/* override built in method */
public String function buildLink(String linkto){
return super.buildLink(linkto=arguments.linkto,ssl=true);


If you want all links to be in ssl, then yes. Maybe make it more flexible and make ssl=true as the default, instead of never being able to change it.

Luis F. Majano
Ortus Solutions, Corp

ColdBox Platform:
Linked In:
IECFUG Manager: