
Activiti over https using self signed SSL certificate

nommyravian
Champ in-the-making
Hi,
I think that it's not the right forum to ask this question because it's related to Tomcat, but I'm posting it here to see if somebody has already tried this and could help me.

I'm trying to create a self-signed certificate using Java keytool and import it in Firefox and Chrome. On the other hand, the keystore is in Tomcat and server.xml has been updated for https. I want Activiti Explorer running over https where the client can also be authenticated against the created certificate.

I'm using the following batch file:
@echo off
if "%1" == "" goto usage

keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
keytool -genkeypair -alias %1 -keystore %1.p12 -storetype pkcs12 -keyalg RSA -dname "CN=%1,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
keytool -exportcert -alias %1 -file %1.cer -keystore %1.p12 -storetype pkcs12 -storepass password
keytool -importcert -keystore server.jks -alias %1 -file %1.cer -v -trustcacerts -noprompt -storepass password
keytool -list -v -keystore server.jks -storepass password
del %1.cer
goto end

:usage
echo Need user id as first argument: generate_keystore [username]
goto end

:end
pause

The results are two files. One called server.jks that I dropped into Tomcat and another file called {username}.p12 that I imported into both Firefox and Chrome. The server.jks file has the client certificate added as a trusted cert.

And here is the XML that I updated in the Tomcat conf/server.xml file:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
            keystoreFile="${user.home}/server.jks" keystorePass="changeit"
               clientAuth="true" sslProtocol="TLS" />

Now the problem is that when I use clientAuth="false", Activiti Explorer runs over https, but when I use clientAuth="true" the imported certificate is not authenticated and Activiti Explorer doesn't show up. Does anybody know what the problem could be? If anybody has tried the same thing in a different way then please share it with me. I want Activiti Explorer running over https using an SSL certificate for authenticating the client.

Thank you in advance.

regards,
Salman
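
An added example, not part of the original post or of any Tomcat or Activiti documentation: a Connector for the setup described above that names server.jks as the trust store as well as the key store, since the batch file imports the client certificate into that file. It assumes a Tomcat JSSE connector that accepts the truststoreFile, truststorePass and truststoreType attributes, and that the store password is the one the batch file passes as -storepass.

```xml
<!-- Added example. Assumptions: JSSE connector attribute names as in
     Tomcat 6/7/8; server.jks was produced by the batch file above. -->

<!-- keystoreFile / keystorePass: the server's own key pair (alias servercert).
     keystorePass has to be the value given to keytool as -storepass when
     server.jks was created; the batch file uses "password". -->

<!-- truststoreFile / truststorePass: the store holding the certificates that
     client certificates are validated against. The batch file's -importcert
     step put the client certificate into server.jks, so the same file is
     named here. When truststoreFile is not set, Tomcat takes its default from
     the javax.net.ssl.trustStore system property, not from keystoreFile. -->

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="${user.home}/server.jks"
           keystorePass="password"
           truststoreFile="${user.home}/server.jks"
           truststorePass="password"
           truststoreType="JKS"
           clientAuth="true" />
```

The keytool -list -v step already in the batch file shows whether the client alias is present in server.jks as a trustedCertEntry.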
2 REPLIES

frederikherema1
Star Contributor
This is a more general Tomcat/HTTPS question, rather than an Activiti question. I think you'll have more luck on forums specialized in that than on an Activiti user forum…

bam
Champ in-the-making
Too bad I was looking for the exact same stuff, having issues also.