https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105609#M73832 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><SPAN>I think that it's not the right forum to ask this question because it's related to tomcat but I'm posting if here to see if somebody already has tried this and could help me.</SPAN><BR /><BR /><SPAN>I'm trying to create a self signed certificate using keytool java and import it in firefox and chrome. On the other hand the keystore is in tomcat and server.xml has updated for https. I want activiti explore running over https where the client can also be authenticated against the created certificate.</SPAN><BR /><BR /><SPAN>I'm using following batch file;</SPAN><BR /><PRE class="language-none line-numbers"><CODE>@echo off<BR />if "%1" == "" goto usage<BR /><BR />keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password<BR />keytool -genkeypair -alias %1 -keystore %1.p12 -storetype pkcs12 -keyalg RSA -dname "CN=%1,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password<BR />keytool -exportcert -alias %1 -file %1.cer -keystore %1.p12 -storetype pkcs12 -storepass password<BR />keytool -importcert -keystore server.jks -alias %1 -file %1.cer -v -trustcacerts -noprompt -storepass password<BR />keytool -list -v -keystore server.jks -storepass password<BR />del %1.cer<BR />goto end<BR /><BR />:usage<BR />echo Need user id as first argument: generate_keystore [username]<BR />goto end<BR /><BR />:end<BR />pause<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>The results are two files. One called server.jks that I dropped into Tomcat and another file called {username}.p12 that I imported into firefox and chrome both. The server.jks file has the client certificate added as a trusted cert.</SPAN><BR /><BR /><SPAN>And here is the the XML that I updated in Tomcat conf/sever.xml file </SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE>&lt;Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; maxThreads="150" scheme="https" secure="true"<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; keystoreFile="${user.home}/server.jks" keystorePass="changeit"<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clientAuth="true" sslProtocol="TLS" /&gt;<SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><STRONG>Now the problem is when I use clientAuth="false", actitivi explorer runs over https</STRONG><SPAN> but when I use </SPAN><STRONG>clientAuth="true"</STRONG><SPAN> the imported certificate is not authenticated and activiti explorer doesn't show up. Does anybody know what problem could be? If anybody has tried the same thing in a different way then please share it with me. I want activiti explorer running over https using SSL certificate for authenticating the client.</SPAN><BR /><BR /><SPAN>Thank you in advance.</SPAN><BR /><BR /><SPAN>regards,</SPAN><BR /><SPAN>Salman</SPAN></BODY></HTML> Fri, 09 Nov 2012 14:36:21 GMT nommyravian 2012-11-09T14:36:21Z https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105609#M73832 Hi,I think that it's not the right forum to ask this question because it's related to tomcat but I'm posting if here to see if somebody already has tried this and could help me.I'm trying to create a self signed certificate using keytool java and import it in firefox and chrome. On the other hand th Fri, 09 Nov 2012 14:36:21 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105609#M73832 nommyravian 2012-11-09T14:36:21Z https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105610#M73833 <HTML><HEAD></HEAD><BODY><SPAN>This is a more general tomcat/HTTPS question, rather than an activiti-question. I think you'll have more luck on forums specialized in that, than an on activiti user-forum…</SPAN></BODY></HTML> Fri, 16 Nov 2012 10:14:02 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105610#M73833 frederikherema1 2012-11-16T10:14:02Z https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105611#M73834 <HTML><HEAD></HEAD><BODY><SPAN>Too bad I was looking for the exact same stuff, having issues also.</SPAN></BODY></HTML> Thu, 06 Nov 2014 08:05:18 GMT https://connect.hyland.com/t5/alfresco-archive/activiti-over-https-using-self-signed-ssl-certificate/m-p/105611#M73834 bam 2014-11-06T08:05:18Z