Skip to main content

Hi all,

 

I have an issue in getting the certificate to work for HTTPS URL of FME Server.

 

I have used this URL as reference: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/configuring_for_https.htm

 

I did use these steps to create Keystore:

• Open a command prompt as administrator and navigate to the Java bin directory (C:\\Program Files\\FMEServer\\Utilities\\jre\\bin )

• Run the following command to create a new keystore file:

keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

• After running the previous command, you are prompted to set a password for the new keystore and specify the server domain name (for example, myserver.mydomain (My FME Server) as your first and last name.

• Password: mypass

• When prompted for the password for the alias <tomcat>, press RETURN.

• A new keystore is created in C:\\Program Files\\FMEServer\\Utilities\\jre\\bin\\

• Copy the new keystore file to the tomcat directory in the FME Server installation: C:\\Program Files\\FMEServer\\Utilities\\tomcat\\

 

 

For Certificate I did tried to use different ways.

Way1: CA-issued certificate:

1. Generate a certificate signing request (CSR):

keytool -certreq -keyalg RSA -alias tomcat –file certreq.csr -keystore tomcat.keystore

2. Submit the CSR (certreq.scr) to your CA to obtain a certificate, issued a certificate (export from CA)

3. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file TomcatCer.cer

 

Way2: I’ve also tried this way after unsuccessful process, because I was thinking the problem is with certificate, so I remove Keystore, recreate it and I’ve done following steps. (After I’ve done the whole process and it was unsuccessful, I did this)

1. Export valid certificate which I had on that server

2. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file GoDady.cer

 

Configure Tomcat

I’ve also done the configuration based on document on these three XMLs and I think its ok, because except certificate issue, I don’t have any issue.

• Configure server.xml

• Configure web.xml

• Configure context.xml

 

And finally I’ve modified Service URLs to Use HTTPS on FME Server.

 

But I’m getting this error and I couldn’t find a way around this ( I did try two ways of configuring certificate as I explained)

I clicked on invalid certificate and I can see all the setting I’ve done when I was creating keystore.

 

So it looks like its not having valid certificate.

 

Just wondering what am I missing and what should I do to fix the issue? Thanks.

Hi @akheirabadi​,

 

Out of curiosity, have you tried running through the FME Server Troubleshooting HTTPS and SSL article? This article covers a number of things to check when running into issues with configuring HTTPS on FME Server.

 

Please let me know if that doesn't resolve the issue!


Thanks @chrisatsafe​  for your response.

 

Yes I did check that one before and my problem is number 7 in the list, but I cannot find where I did mistake. I tried all steps as I explained on two servers and got the same problem.

 

Cheers


It could be worth giving this a try?

https://community.safe.com/s/article/pkix-path-issues-when-configuring-ssl-for-fme-serv

 


Thanks guys, the problem was related to certificate. It has been resolved by using the right certificate.


Reply