Running OpenELIS Global 2 without SSL

Hi guys!

Wondering if there is a way to run OpenELIS without SSL.
I see that HttpClientConfig.java relies on providing SSL certificates (for client and server auth). That’s great for production use.

But in the context of setting up a development environment, I would like to keep things simple and avoid SSL auth altogether.

How would you approach this? (@calebslane)

Hi @mksrom,

Unfortunately there is no easy configuration option to tell OpenELIS to operate without its keystore and truststore, but it is possible to allow http connections by going into web.xml and changing <transport-guarantee>CONFIDENTIAL</transport-guarantee> to <transport-guarantee>NONE</transport-guarantee>. This will stop the redirect from port 8080 to 8443, but the application will probably still fail to deploy unless it thinks it has the valid ssl files.

In the OpenELIS project, we use the dev keystore/truststore (located in ./dev/https, password testtest for both) to facilitate all our dev testing. If you’d like to use those, and are running the application through docker-compose, you may need to confirm that the docker secrets keystore and truststore are pointing to the right files (./dev/https/oe_selfsigned.truststore and ./dev/https/oe_selfsigned.keystore).

To fully remove the expectation that all communication will happen through https would mean having to edit HttpClientConfig.java, server.xml for OE, and server.xml for hapi-fhir-jpaserver so that there was no attempt at setting up ssl for any part of the application (in addition to changing the CONFIDENTIAL to NONE).

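Added example, not part of the original posts or of the OpenELIS code base: a check that reports the transport-guarantee of every security-constraint in a web.xml, so the development-only switch from CONFIDENTIAL to NONE described above is caught before the descriptor is used anywhere else. The sample descriptor and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the real OpenELIS web.xml): one constraint switched
# to NONE for development, one still CONFIDENTIAL, one with no guarantee at all.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/api/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/health</url-pattern></web-resource-collection>
  </security-constraint>
</web-app>
"""


def local(tag):
    """Drop the namespace so javaee and jakartaee descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def transport_guarantees(web_xml_text):
    """Return (url_patterns, guarantee) for each <security-constraint>."""
    results = []
    for sc in ET.fromstring(web_xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for e in sc.iter():
            if e.text and e.text.strip():
                texts.setdefault(local(e.tag), []).append(e.text.strip())
        # No <transport-guarantee> means no transport requirement: report NONE.
        guarantee = texts.get("transport-guarantee", ["NONE"])[0].upper()
        results.append((texts.get("url-pattern", []), guarantee))
    return results


def plaintext_patterns(web_xml_text):
    """URL patterns whose constraint does not require HTTPS."""
    return [p for pats, g in transport_guarantees(web_xml_text) if g == "NONE" for p in pats]
```

A non-empty result from `plaintext_patterns` on a descriptor headed for production means the development edit is still in place.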