Skip to main content
  • EN

Hi all,

 

I have an issue in getting the certificate to work for HTTPS URL of FME Server.

 

I have used this URL as reference: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/configuring_for_https.htm

 

I did use these steps to create Keystore:

• Open a command prompt as administrator and navigate to the Java bin directory (C:\\Program Files\\FMEServer\\Utilities\\jre\\bin )

• Run the following command to create a new keystore file:

keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

• After running the previous command, you are prompted to set a password for the new keystore and specify the server domain name (for example, myserver.mydomain (My FME Server) as your first and last name.

• Password: mypass

• When prompted for the password for the alias <tomcat>, press RETURN.

• A new keystore is created in C:\\Program Files\\FMEServer\\Utilities\\jre\\bin\\

• Copy the new keystore file to the tomcat directory in the FME Server installation: C:\\Program Files\\FMEServer\\Utilities\\tomcat\\

 

 

For Certificate I did tried to use different ways.

Way1: CA-issued certificate:

1. Generate a certificate signing request (CSR):

keytool -certreq -keyalg RSA -alias tomcat –file certreq.csr -keystore tomcat.keystore

2. Submit the CSR (certreq.scr) to your CA to obtain a certificate, issued a certificate (export from CA)

3. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file TomcatCer.cer

 

Way2: I’ve also tried this way after unsuccessful process, because I was thinking the problem is with certificate, so I remove Keystore, recreate it and I’ve done following steps. (After I’ve done the whole process and it was unsuccessful, I did this)

1. Export valid certificate which I had on that server

2. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file GoDady.cer

 

Configure Tomcat

I’ve also done the configuration based on document on these three XMLs and I think its ok, because except certificate issue, I don’t have any issue.

• Configure server.xml

• Configure web.xml

• Configure context.xml

 

And finally I’ve modified Service URLs to Use HTTPS on FME Server.

 

But I’m getting this error and I couldn’t find a way around this ( I did try two ways of configuring certificate as I explained)

I clicked on invalid certificate and I can see all the setting I’ve done when I was creating keystore.

 

So it looks like its not having valid certificate.

 

Just wondering what am I missing and what should I do to fix the issue? Thanks.

Hi @akheirabadi​,

 

Out of curiosity, have you tried running through the FME Server Troubleshooting HTTPS and SSL article? This article covers a number of things to check when running into issues with configuring HTTPS on FME Server.

 

Please let me know if that doesn't resolve the issue!

Thanks @chrisatsafe​  for your response.

 

Yes I did check that one before and my problem is number 7 in the list, but I cannot find where I did mistake. I tried all steps as I explained on two servers and got the same problem.

 

Cheers

It could be worth giving this a try?

https://community.safe.com/s/article/pkix-path-issues-when-configuring-ssl-for-fme-serv

 

Thanks guys, the problem was related to certificate. It has been resolved by using the right certificate.

Reply


Community Stats

30,149
Posts
114,438
Replies
37,793
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.