How Flowable Engine can perform https calls and sending SSL certificate and key

#1

Hi,

We have a Flowable model that perform https call to another Spring Boot application.
That Spring Boot application have the necessary trusted stored setup to enforce the security. The API have been tested with Postman by setting the CRT and Private Key. Therefore I know that part is working.

Although it is not clear, from the Flowable Engine how to send our Certificate (.crt) with the private key to allow the Flowable Engine to securely perform the https call to that external system.

Perhaps there is some additional configuration required in the flowable.cfg.xml?

Thank you.

#2

In order to configure and https listener for your api that can be connected to by a flowable consumer or any other consumer you’ll need to provide a bit more information.

Is the certificate being used by your API to provide an https connection a self signed certificate? If so, then you’ll need to ensure that the public key of either the self signed cert, or the private CA that issued it, is added to the cacerts of the JVM being used by your flowable app.

There should be no private key required by the flowable consumer. If your API is configured correctly then all that flowable, or any other consumer for that matter, would need is the public key of the self signed cert or the CA that issued the cert your API is using to be configured in the cacerts of the JVM being used by your flowable app.

Providing the related errors from the Catalina.out file would also be helpful in debugging your issue

#3

I believe he’s asking where do you configure the private key location in flowable config (of the Spring boot app) so the http REST activity does https. Not so much on what the consumer needs.

#4

Thank you for your response. Sorry if my request was not clear enough. Please check railrhoad comment above. This is exactly what we want to do. It is unclear how to configure the private key location.

#5

Hi,

Currently the following configuration is supported:

https://flowable.org/docs/userguide/index.html#bpmnHttpTaskClientConfiguration

The HttpClientConfig can be extended to also support two-way SSL and support adding a certificate and key store. This would be a good new feature.

In the meantime you can add a http request handler to the http service task and customise the HttpClient as needed:

This is an example BPMN XML file:

Best regards,

Tijs