Activiti over https using self signed SSL certificate

Question asked by nommyravian on Nov 9, 2012
Latest reply on Nov 6, 2014 by bam
Hi,
I think that this is not the right forum to ask this question because it's related to Tomcat, but I'm posting it here to see if somebody has already tried this and could help me.

I'm trying to create a self-signed certificate using Java keytool and import it into Firefox and Chrome. On the other hand, the keystore is in Tomcat and server.xml has been updated for https. I want Activiti Explorer running over https where the client can also be authenticated against the created certificate.

I'm using the following batch file:
@echo off
if "%1" == "" goto usage

keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
keytool -genkeypair -alias %1 -keystore %1.p12 -storetype pkcs12 -keyalg RSA -dname "CN=%1,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
keytool -exportcert -alias %1 -file %1.cer -keystore %1.p12 -storetype pkcs12 -storepass password
keytool -importcert -keystore server.jks -alias %1 -file %1.cer -v -trustcacerts -noprompt -storepass password
keytool -list -v -keystore server.jks -storepass password
del %1.cer
goto end

:usage
echo Need user id as first argument: generate_keystore [username]
goto end

:end
pause

The results are two files. One is called server.jks, which I dropped into Tomcat, and the other is called {username}.p12, which I imported into both Firefox and Chrome. The server.jks file has the client certificate added as a trusted cert.

And here is the XML that I updated in the Tomcat conf/server.xml file:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${user.home}/server.jks" keystorePass="changeit"
           clientAuth="true" sslProtocol="TLS" />

Now the problem is that when I use clientAuth="false", Activiti Explorer runs over https, but when I use clientAuth="true" the imported certificate is not authenticated and Activiti Explorer doesn't show up. Does anybody know what the problem could be? If anybody has tried the same thing in a different way, then please share it with me. I want Activiti Explorer running over https using an SSL certificate for authenticating the client.

Thank you in advance.

regards,
Salman
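
A consistency check a reviewer could run over the two artifacts in the post above, added here as an example and not part of the original post: it compares the -storepass given to keytool with the connector's keystorePass, and flags clientAuth set without truststoreFile, the Tomcat connector attribute naming the store used to validate client certificates. The sample inputs are constructed from the posted lines; the user name alice, the Server/Service wrapper and the function names are assumptions, as is the absence of a javax.net.ssl.trustStore system property, which the post does not show.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample input: the posted Connector, wrapped in a minimal server.xml.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${user.home}/server.jks" keystorePass="changeit"
           clientAuth="true" sslProtocol="TLS" />
</Service></Server>"""

# Constructed sample input: two posted keytool lines, -dname dropped, %1 = alice.
KEYTOOL_LINES = [
    "keytool -genkeypair -alias servercert -keyalg RSA -keypass password "
    "-keystore server.jks -storepass password",
    "keytool -importcert -keystore server.jks -alias alice -file alice.cer "
    "-v -trustcacerts -noprompt -storepass password",
]

def opt(args, name):
    """Return the value following a keytool option, or None if absent."""
    return args[args.index(name) + 1] if name in args[:-1] else None

def audit(server_xml, keytool_lines):
    """Return findings for TLS connectors that disagree with the keytool script."""
    storepass = {}  # keystore file name -> passwords it was written with
    for line in keytool_lines:
        args = shlex.split(line)
        ks, sp = opt(args, "-keystore"), opt(args, "-storepass")
        if ks and sp:
            storepass.setdefault(ks, set()).add(sp)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        name = re.split(r"[\\/]", conn.get("keystoreFile", ""))[-1]
        # Tomcat's documented default for keystorePass is "changeit".
        if name in storepass and conn.get("keystorePass", "changeit") not in storepass[name]:
            findings.append("keystorePass-mismatch")
        # Assumption: no javax.net.ssl.trustStore system property is set.
        wants_cert = conn.get("clientAuth", "false").lower() in ("true", "want")
        if wants_cert and not conn.get("truststoreFile"):
            findings.append("clientAuth-without-truststoreFile")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_XML, KEYTOOL_LINES):
        print(finding)
```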
