after i generated my self-signed certificate with its pair keys where i should configure it so i can perform https calls from flowable engine
Hi,
could you explain a bit more what you are trying to do?
Do you want the UI app(s) to have SSL / HTTPS enabled?
Or do you want to execute SSL calls from f.e. a HTTP task?
Regards,
Yvo
hi yvo,
thank you for your response,
i actually want ui app(s) https enabled
Regards,
ilias
hi
to be more specific im using flowable-all-in-one image docker i tried to copy the certifcat to the container and import it to the cacerts of the JVM of the container it says in the console that it is added successfully but when i try to call the apps with https it dosnt work i tried also to modifie server.xml in tamcat/conf but it didnt work also
im looking forward to your answer im new to flowable
Best regards
Hi.
Couple of things.
First. When deploying / running containers it’s common practice to handle SSL termination outside of the container. For example by placing a reverse proxy in front of it.
But if there is somehow a requirement to do it inside the container. This is also possible. Because Flowable UI uses Spring Security this is not a Flowable specific question but more Spring related.
Also; you’re referring to the flowable-all-in-one image. This more than 2 years old. Please use the flowable-ui image.
In short these are the required steps.
keytool -genkeypair -alias springboot -keyalg RSA -keysize 4096 -storetype PKCS12 -keystore springboot.p12 -validity 3650 -storepass password
docker run --rm --name flowable-ui \
-p 443:8443 \
-v springboot.p12:/keystore.p12 \
flowable/flowable-ui:6.7.2 \
--server.ssl.key-store=file:/keystore.p12 \
--server.ssl.key-store-password=password \
--server.ssl.key-store-type=pkcs12 \
--server.ssl.key-alias=springboot \
--server.ssl.key-password=password \
--server.port=8443
This will start the servlet container on port 8443 (mapped to 443). Using the provided keystore for SSL.
Hope this helps.
Regards,
Yvo
hi yvo,
i really appreciate your answer,
still doesn’t work it tells me that “Short read of DER length” i tryed to convert the key to “.der” instead of “.p12” but it seems that it can’t be converted cuz it not a certificat its just keypairs
i’m sorry for bothering you, looking forward to your reply
Thank you again,
ilias
Hi.
I’m sorry you aren’t able to get it working.
I think the procedure to configure the servlet container within the docker container is clear now.
But this is really something specific to keystore / certificate formats and not a Flowable (Docker) related question.
Regards,
Yvo
Hello,
I want to do the same thing but I’m not using docker, I’m using flowable on a Linux server. I’m using flowable 6 version with flowable-ui and I want to launch this one with https and not http.
Can you help me ?
Thanks.
Hi,
the procedure is the same.
The given example shows the properties that need to be set.
In the example they are passed to the docker container. In your case the need to be put on the class path.
In addition. The reverse proxy scenario can also be applied to your case.
Regards,
Yvo
Hello,
sorry but I’m newbie with flowable. Can you give me an example or a solution in my case ? I looked in my flowable directory, and the only classpath element I found is the classpath.idx file in the WEB-INF directory. I’ve got auto-signed certificats (a crt file and a key file). Can I add them to the parameters ?
Thanks in advance for your help.
Regards.
Note: I don’t have a proxy.
Hi,
How are you running Flowable? As an executable jar? Or deployed on a servlet container? F.e Tomcat?
Yvo
In my case, Flowable is installed on a Linux server (Ubuntu) with the following tools : Jdk, Maven and Tomcat. The flowable files (from version 6 : flowable-rest and flowable-ui) are installed in webapps directory of Tomcat. I also use an independant database for saving the work from flowable.
In that case you need to look into how to configure Tomcat for ssl / https.
For example in this guide;
https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
Regards,
Yvo
Also; be aware that running both flowable-rest and flowable-ui will both start the flowable engines.
In most cases only one of the two should be required depending on your use case.
Yvo
Ok. I’m going to look at SSL on Tomcat. Thanks for the link and for your help. 
Regards.