Hi @geojan,
In the FME Server Web UI under Admin > System Configuration > Networking > Services you will likely need to 'Change All Hosts' to change the URLs from http to https.
Please let me know if this does not fix the issue.
Hi @geojan,
In the FME Server Web UI under Admin > System Configuration > Networking > Services you will likely need to 'Change All Hosts' to change the URLs from http to https.
Please let me know if this does not fix the issue.
Hi @hollyatsafe, thanks for your response. We already changed the URLs to HTTPS, so this doesn't solve our problem. Any other ideas?
Hi @hollyatsafe, thanks for your response. We already changed the URLs to HTTPS, so this doesn't solve our problem. Any other ideas?
Hi @geojan,
Ok, did you also complete step 4 in the instructions you linked - updated the fmeServerConfig FME_SERVER_WEB_URL parameter?
Please could you share the Catalina and localhost_ access logs (resources/logs/tomcat) as well as the fmeserver logs (resources/logs/core) so we can see if they contain any more information on the error.
Hi @geojan,
Ok, did you also complete step 4 in the instructions you linked - updated the fmeServerConfig FME_SERVER_WEB_URL parameter?
Please could you share the Catalina and localhost_ access logs (resources/logs/tomcat) as well as the fmeserver logs (resources/logs/core) so we can see if they contain any more information on the error.
Sure, hereby the demanded log files:
catalina.txt
fmeserver.txt
localhost_access_log.2018-12-06.txt.txt
Sure, hereby the demanded log files:
catalina.txt
fmeserver.txt
localhost_access_log.2018-12-06.txt.txt
Hi @geojan,
Thank you for sharing those. In the Catalina log there is a severe warning:
PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
For your Self Signed Certificate what is the extension and the signing authority? I suspect it is .pfx in which case you may need to carry out some additional configuration steps. Please review the following articles to help get this set up:
https://knowledge.safe.com/articles/80611/fme-server-and-httpsssl-pfx-certificate.html
https://knowledge.safe.com/articles/19708/pkix-path-issues-when-configuring-ssl-for-fme-serv.html
Hi @geojan,
Thank you for sharing those. In the Catalina log there is a severe warning:
PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
For your Self Signed Certificate what is the extension and the signing authority? I suspect it is .pfx in which case you may need to carry out some additional configuration steps. Please review the following articles to help get this set up:
https://knowledge.safe.com/articles/80611/fme-server-and-httpsssl-pfx-certificate.html
https://knowledge.safe.com/articles/19708/pkix-path-issues-when-configuring-ssl-for-fme-serv.html
Hello @hollyatsafe, Sorry for the very late response. The extension of the certificate is .p7b and the signing authority is my organisation. Should we than take extra configuration steps? If so, which ones?
Hello @hollyatsafe, Sorry for the very late response. The extension of the certificate is .p7b and the signing authority is my organisation. Should we than take extra configuration steps? If so, which ones?
Hi @geojan,
- Can you check the certificate status and expiration date in your browser.
- Can you also use OpenSSL for more detailed debugging (https://www.endpoint.com/blog/2017/10/04/pkix-path-validation-failed-debugging) to confirm certificate status is valid.
- Can you confirm you imported the certificate into the cacerts as well?
- Can you run through this troubleshooting guide
If all of these are ok then please try removing the certificate from the keystone and following these instructions to reinstall the certificate.
Hi @geojan,
- Can you check the certificate status and expiration date in your browser.
- Can you also use OpenSSL for more detailed debugging (https://www.endpoint.com/blog/2017/10/04/pkix-path-validation-failed-debugging) to confirm certificate status is valid.
- Can you confirm you imported the certificate into the cacerts as well?
- Can you run through this troubleshooting guide
If all of these are ok then please try removing the certificate from the keystone and following these instructions to reinstall the certificate.
@hollyatsafe, thanks for your response again. WIth upgrading to FME Server 2019.0.0.1 and reinstalling the certificate the issue was solved!
