Skip to content

SSL

Jump to bottom
Akram El Assas edited this page Jul 12, 2025 · 34 revisions

You can enable SSL for Wexflow server for both Windows Service (.NET 4.8) and the Console App (.NET 9.0+). This feature will be available in Wexflow 9.2 and above.

Installation Options

Windows Service (.NET 4.8)

Install Wexflow as a Windows Service using one of the following installers (.NET 4.8)

  • wexflow-x.x-windows-x64.exe (64-bit)
  • wexflow-x.x-windows-x86.exe (32-bit)

Console App (.NET 9.0+)

Install Wexflow as a cross-platform console app on Windows, Linux, or macOS:

  • wexflow-x.x-windows-netcore.zip
  • wexflow-x.x-linux-netcore.zip
  • wexflow-x.x-macos-netcore.zip

Dev

To generate a self-signed certificate for development:

  • On Windows, use the ssl.ps1 script
  • On Linux, use the ssl.sh script

You can test with the following endpoint: https://localhost:8000/api/v1/hello

Backend

Update Wexflow Service Uri in Backend/js/settings.js as follows:

window.Settings = (function () {
    const hostname = (window.location.hostname === "" ? "localhost" : window.location.hostname);
    const port = 8000;

    return {
        Hostname: hostname,
        Port: port,
        Uri: "https://" + hostname + ":" + port + "/api/v1/"
    };
})();

Console App (.NET 9.0+)

Prerequisites

Generate .pfx certificate file.

Windows

  1. Install Win64 OpenSSL
  2. Add C:\Program Files\OpenSSL-Win64\bin to your PATH environment variable
  3. Open a PowerShell and run the following command to export your certificate to PFX:
$KEY = "C:\Wexflow-netcore\wexflow.key"
$CRT = "C:\Wexflow-netcore\wexflow.crt"
$PFX = "C:\Wexflow-netcore\wexflow.pfx"
$PASSWORD = "wexflow2018"
openssl pkcs12 -export -out $PFX -inkey $KEY -in $CRT -password pass:$PASSWORD

Linux

KEY="/opt/wexflow/Wexflow/wexflow.key"
CRT="/opt/wexflow/Wexflow/wexflow.crt"
PFX="/opt/wexflow/Wexflow/wexflow.pfx"
PASSWORD="wexflow2018"
openssl pkcs12 -export -out "$PFX" -inkey "$KEY" -in "$CRT" -password pass:"$PASSWORD"

macOS

KEY="/Applications/wexflow/Wexflow/wexflow.key"
CRT="/Applications/wexflow/Wexflow/wexflow.crt"
PFX="/Applications/wexflow/Wexflow/wexflow.pfx"
PASSWORD="wexflow2018"
openssl pkcs12 -export -out "$PFX" -inkey "$KEY" -in "$CRT" -password pass:"$PASSWORD"

Notes

  • Self-signed certificate warning:
    If you're using a self-signed certificate, browsers will show a security warning unless the certificate is explicitly trusted on your system.

Wexflow Server (Windows)

Edit .\Wexflow.Server\appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "C:\\Wexflow-netcore\\wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Then restart the server.

Wexflow Server (Linux)

Place your PXF in /opt/wexflow/Wexflow/wexflow.pfx.

Edit /opt/Wexflow/Wexflow.Server/appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "/opt/wexflow/Wexflow/wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Open Terminal and run the following command to restart wexflow service:

sudo systemctl restart wexflow

Wexflow Server (macOS)

Place your PFX in /Applications/wexflow/Wexflow/wexflow.pfx.

Edit /Applications/Wexflow/Wexflow.Server/appsettings.json:

{
  "HTTPS": true,
  "PfxFile": "/Applications/wexflow/Wexflow/wexflow.pfx",
  "PfxPassword": "wexflow2018"
}

Open Terminal and run:

cd /Applications/wexflow/Wexflow.Server
dotnet Wexflow.Server.dll

Windows Service (.NET 4.8)

Enable HTTPS for Wexflow Windows Service

  1. Set HTTPS option to true in C:\Program Files\Wexflow\Wexflow.Server.exe.config

  2. Restart Wexflow Windows Service

Install the certificate

  • Open the MMC console (Win + R, then type mmc)
  • Install wexflow.crt in Trusted Root Certification Authorities (Local Computer)
  • Install wexflow.pfx in Personal store (Local Computer)
  • Locate your SSL certificate, double-click it
  • Go to the Details tab, find Thumbprint
  • Copy the thumbprint and remove all spaces

Get private key path

$thumb = "81d53a62964240b8d2cc77b40bf7e6c758554afc"
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName"
$keyPath

Example output:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b

Grant permissions to Network Service and SYSTEM

icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b" /grant *S-1-5-20:R
icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\088395182206fa2acc494753b3099972_4ced353e-566d-4394-821c-bc9f487c4b5b" /grant *S-1-5-18:R

Bind the certificate to port 8000

  • Generate a new GUID for appid in PowerShell:
New-Guid
  • Run the following command (replace the certhash and appid with your values):
netsh http add sslcert ipport=0.0.0.0:8000 certhash=81d53a62964240b8d2cc77b40bf7e6c758554afc appid="{05e46c28-0ed2-4ac0-9473-e78190a425d4}"
  • Verify the binding:
netsh http show sslcert ipport=0.0.0.0:8000

Copyright © Akram El Assas. All rights reserved.

  1. Install Guide
  2. HTTPS/SSL
  3. Screenshots
  4. Docker
  5. Configuration Guide
    1. Wexflow Server
    2. Wexflow.xml
    3. Admin Panel
    4. Authentication
  6. Persistence Providers
  7. Getting Started
  8. Android App
  9. Local Variables
  10. Global Variables
  11. REST Variables
  12. Functions
  13. Cron Scheduling
  14. Command Line Interface (CLI)
  15. REST API Reference
    1. Introduction
    2. JWT Authentication
    3. Sample Clients
      1. C# Client
      2. JavaScript Client
      3. PHP Client
      4. Python Client
      5. Go Client
      6. Rust Client
      7. Ruby Client
      8. Java Client
      9. C++ Client
    4. Security Considerations
    5. Swagger
    6. Workflow Notifications via SSE
      1. C# SSE Client
      2. JavaScript SSE Client
      3. PHP SSE Client
      4. Python SSE Client
      5. Go SSE Client
      6. Rust SSE Client
      7. Ruby SSE Client
      8. Java SSE Client
      9. C++ SSE Client
    7. Endpoints
  16. Samples
    1. Sequential workflows
    2. Execution graph
    3. Flowchart workflows
      1. If
      2. While
      3. Switch
    4. Approval workflows
      1. Simple approval workflow
      2. OnRejected workflow event
      3. YouTube approval workflow
      4. Form submission approval workflow
    5. Workflow events
  17. Logging
  18. Custom Tasks
    1. Introduction
    2. General
      1. Creating a Custom Task
      2. Wexflow Task Class Example
      3. Task Status
      4. Settings
      5. Loading Files
      6. Loading Entities
      7. Need A Starting Point?
    3. Installing Your Custom Task in Wexflow
      1. .NET Framework 4.8 (Legacy Version)
      2. .NET 8.0+ (Stable Version)
      3. Referenced Assemblies
      4. Updating a Custom Task
      5. Using Your Custom Task
    4. Suspend/Resume
    5. Logging
    6. Files
    7. Entities
    8. Shared Memory
    9. Designer Integration
      1. Registering the Task
      2. Adding Settings
    10. How to Debug a Custom Task?
  19. Built-in Tasks
    1. File system tasks
    2. Encryption tasks
    3. Compression tasks
    4. Iso tasks
    5. Speech tasks
    6. Hashing tasks
    7. Process tasks
    8. Network tasks
    9. XML tasks
    10. SQL tasks
    11. WMI tasks
    12. Image tasks
    13. Audio and video tasks
    14. Email tasks
    15. Workflow tasks
    16. Social media tasks
    17. Waitable tasks
    18. Reporting tasks
    19. Web tasks
    20. Script tasks
    21. JSON and YAML tasks
    22. Entities tasks
    23. Flowchart tasks
    24. Approval tasks
    25. Notification tasks
    26. SMS tasks
  20. Run from Source
  21. Fork, Customize, and Sync
Clone this wiki locally