Skip to content

SSL

Jump to bottom
Akram El Assas edited this page Jul 21, 2025 · 34 revisions

HTTPS/SSL support is available in Wexflow starting from version 9.2. You can enable it for both .NET 4.8 and .NET 9.0+ versions.

Table Of Contents

  1. Installation Options
    1. .NET 4.8
    2. .NET 9.0+
  2. Development Certificates (Self-Signed)
  3. Admin Panel
  4. .NET 9.0+
    1. Prerequisites
    2. Windows
    3. Linux
    4. macOS
    5. Notes
    6. Wexflow Server (Windows)
    7. Wexflow Server (Linux)
    8. Wexflow Server (macOS)
  5. .NET 4.8
    1. Enable HTTPS for Wexflow Windows Service
    2. Install the certificate
    3. Get private key path
    4. Grant permissions to Network Service and SYSTEM
    5. Bind the certificate to port 8000

Installation Options

You can find detailed installation instructions here.

.NET 4.8

You can install Wexflow as a Windows Service (targeting .NET Framework 4.8) using one of the following installers:

  • wexflow-x.x-windows-x64.exe (64-bit)
  • wexflow-x.x-windows-x86.exe (32-bit)

.NET 9.0+

You can install Wexflow as a cross-platform app/service (targeting .NET 9.0+) on Windows, Linux, or macOS using one of the following packages:

  • wexflow-x.x-windows-netcore.zip
  • wexflow-x.x-linux-netcore.zip
  • wexflow-x.x-macos-netcore.zip

Note:
Many of the operations in this guide — including installing services, managing certificates, and configuring firewalls or port bindings — require Administrator (Windows) or root (Linux/macOS) privileges.
Be sure to run your terminal or PowerShell with elevated permissions where applicable.

Development Certificates (Self-Signed)

To generate a self-signed certificate for development:

  • On Windows, use the ssl.ps1 script
  • On Linux, use the ssl.sh script

You can test with the following endpoint: https://localhost:8000/api/v1/hello

Admin Panel

No configuration is required to use the admin panel.

If you plan to host the admin panel on a different web server and use HTTPS for the Wexflow server, make sure the web server hosting the admin panel also uses HTTPS. This is necessary to avoid mixed content issues in modern browsers.

By default, the admin panel is available at: https://localhost:8000/

.NET 9.0+

Prerequisites

Generate .pfx certificate file.

Windows

  1. Install Win64 OpenSSL
  2. Add C:\Program Files\OpenSSL-Win64\bin to your PATH environment variable
  3. Open a PowerShell and run the following command to export your certificate to PFX:
$KEY = "C:\Wexflow-netcore\wexflow.key"
$CRT = "C:\Wexflow-netcore\wexflow.crt"
$PFX = "C:\Wexflow-netcore\wexflow.pfx"
$PASSWORD = "wexflow2018"
openssl pkcs12 -export -out $PFX -inkey $KEY -in $CRT -password pass:$PASSWORD

Linux

KEY="/opt/wexflow/Wexflow/wexflow.key"
CRT="/opt/wexflow/Wexflow/wexflow.crt"
PFX="/opt/wexflow/Wexflow/wexflow.pfx"
PASSWORD="wexflow2018"
openssl pkcs12 -export -out "$PFX" -inkey "$KEY" -in "$CRT" -password pass:"$PASSWORD"

macOS

KEY="/Applications/wexflow/Wexflow/wexflow.key"
CRT="/Applications/wexflow/Wexflow/wexflow.crt"
PFX="/Applications/wexflow/Wexflow/wexflow.pfx"
PASSWORD="wexflow2018"
openssl pkcs12 -export -out "$PFX" -inkey "$KEY" -in "$CRT" -password pass:"$PASSWORD"

Notes

  • Self-signed certificate warning:
    If you're using a self-signed certificate, browsers will show a security warning unless the certificate is explicitly trusted on your system.

Wexflow Server (Windows)

Edit .\Wexflow.Server\appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "C:\\Wexflow-netcore\\wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Then restart the server.

Wexflow Server (Linux)

Place your PXF in /opt/wexflow/Wexflow/wexflow.pfx.

Edit /opt/Wexflow/Wexflow.Server/appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "/opt/wexflow/Wexflow/wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Open Terminal and run the following command to restart wexflow service:

sudo systemctl restart wexflow

Wexflow Server (macOS)

Place your PFX in /Applications/wexflow/Wexflow/wexflow.pfx.

Edit /Applications/Wexflow/Wexflow.Server/appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "/Applications/wexflow/Wexflow/wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Open Terminal and run:

cd /Applications/wexflow/Wexflow.Server
dotnet Wexflow.Server.dll

.NET 4.8

Enable HTTPS for Wexflow Windows Service

  1. Set HTTPS option to true in C:\Program Files\Wexflow\Wexflow.Server.exe.config

  2. Restart Wexflow Windows Service

Install the certificate

  • Open the MMC console (Win + R, then type mmc)
  • Install wexflow.crt in Trusted Root Certification Authorities (Local Computer)
  • Install wexflow.pfx in Personal store (Local Computer)
  • Locate your SSL certificate, double-click it
  • Go to the Details tab, find Thumbprint
  • Copy the thumbprint and remove all spaces

Get private key path

$thumb = "81d53a62964240b8d2cc77b40bf7e6c758554afc"
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName"
$keyPath

Example output:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b

Grant permissions to Network Service and SYSTEM

icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b" /grant *S-1-5-20:R
icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b" /grant *S-1-5-18:R

Bind the certificate to port 8000

  • Generate a new GUID for appid in PowerShell:
New-Guid
  • Run the following command (replace the certhash and appid with your values):
netsh http add sslcert ipport=0.0.0.0:8000 certhash=81d53a62964240b8d2cc77b40bf7e6c758554afc appid="{05e46c28-0ed2-4ac0-9473-e78190a425d4}"
  • Verify the binding:
netsh http show sslcert ipport=0.0.0.0:8000

Copyright © Akram El Assas. All rights reserved.

  1. Install Guide
  2. HTTPS/SSL
  3. Screenshots
  4. Docker
  5. Configuration Guide
    1. Wexflow Server
    2. Wexflow.xml
    3. Admin Panel
    4. Authentication
  6. Persistence Providers
  7. Getting Started
  8. Android App
  9. Local Variables
  10. Global Variables
  11. REST Variables
  12. Functions
  13. Cron Scheduling
  14. Command Line Interface (CLI)
  15. REST API Reference
    1. Introduction
    2. JWT Authentication
    3. Sample Clients
      1. C# Client
      2. JavaScript Client
      3. PHP Client
      4. Python Client
      5. Go Client
      6. Rust Client
      7. Ruby Client
      8. Java Client
      9. C++ Client
    4. Security Considerations
    5. Swagger
    6. Workflow Notifications via SSE
      1. C# SSE Client
      2. JavaScript SSE Client
      3. PHP SSE Client
      4. Python SSE Client
      5. Go SSE Client
      6. Rust SSE Client
      7. Ruby SSE Client
      8. Java SSE Client
      9. C++ SSE Client
    7. Endpoints
  16. Samples
    1. Sequential workflows
    2. Execution graph
    3. Flowchart workflows
      1. If
      2. While
      3. Switch
    4. Approval workflows
      1. Simple approval workflow
      2. OnRejected workflow event
      3. YouTube approval workflow
      4. Form submission approval workflow
    5. Workflow events
  17. Logging
  18. Custom Tasks
    1. Introduction
    2. General
      1. Creating a Custom Task
      2. Wexflow Task Class Example
      3. Task Status
      4. Settings
      5. Loading Files
      6. Loading Entities
      7. Need A Starting Point?
    3. Installing Your Custom Task in Wexflow
      1. .NET Framework 4.8 (Legacy Version)
      2. .NET 8.0+ (Stable Version)
      3. Referenced Assemblies
      4. Updating a Custom Task
      5. Using Your Custom Task
    4. Suspend/Resume
    5. Logging
    6. Files
    7. Entities
    8. Shared Memory
    9. Designer Integration
      1. Registering the Task
      2. Adding Settings
    10. How to Debug a Custom Task?
  19. Built-in Tasks
    1. File system tasks
    2. Encryption tasks
    3. Compression tasks
    4. Iso tasks
    5. Speech tasks
    6. Hashing tasks
    7. Process tasks
    8. Network tasks
    9. XML tasks
    10. SQL tasks
    11. WMI tasks
    12. Image tasks
    13. Audio and video tasks
    14. Email tasks
    15. Workflow tasks
    16. Social media tasks
    17. Waitable tasks
    18. Reporting tasks
    19. Web tasks
    20. Script tasks
    21. JSON and YAML tasks
    22. Entities tasks
    23. Flowchart tasks
    24. Approval tasks
    25. Notification tasks
    26. SMS tasks
  20. Run from Source
  21. Fork, Customize, and Sync
Clone this wiki locally