Has anyone performed an installation of FME Flow 2025.1 and chosen to configure HTTPS during installation?
Anything to watch out for?
Has anyone performed an installation of FME Flow 2025.1 and chosen to configure HTTPS during installation?
Anything to watch out for?
Hi
I am curious about the Automatic HTTPS Configuration for FME Flow. FME 2025.1 - Feature Highlights | Community
Will be following this conversation and contributing where I can.
It should work out of the box, i did encounter no problems with a valid pfx-certificate store.
After installation i was able to access the web ui via HTTPS and so the mandatory first admin account pw change did already happen in a secure way.
One issue could be a missing certificate chain, if your pfx container does contain a certificate from an internal (company) CA:
You’ll notice this the moment you’ll try to run a workspace from the UI and get an error message. (In the Apache logfile you’ll see some more error regarding the failed chain check.)
Then do the following:
Then “Run workspace” via UI should work.
(~ the procedure is also described in the official doc, only it does the same via the jre commandline tool keytool. I find using the Keystore Explorer much easier. This tool and a Notepad++ are the two mandatoy tools every FME Flow Admin should have at hand ;) )
If you have a CA certificate you need to modify a few config files. I didnt find it very straight forward to configure for HTTPS. See: https://docs.safe.com/fme/html/FME-Flow/AdminGuide/configuring_for_https.htm
An adjacent script I noticed is configureSSL.ps1 - "C:\Program Files\FMEFlow\Utilities\configureSSL.ps1
Gives you option to revert the SSL configuration and update the certificate
Out of the installs I have completed, the only issue I had was that I entered a wrong password for one pfx. And then all FME Flow services were running after install but I was getting no UI. Check of the logs pointed it out and then back into the actual config file to change the password.
I’m still using nginx in front of FME Flow as it means no https config for Flow. I just put the cert in nginx and let it reverse proxy FME Flow. We use windows, but I believe this is the recommended approach for Linux and is how FME Flow hosted is deployed.