FME Flow 2025.1 - Configuring HTTPS during installation

Hi ​@ebygomm I am planning the to do the same. We currently are intranet bound but would like to move to SSL at the same time we upgrade to 2025.1. 
I am curious about the Automatic HTTPS Configuration for FME Flow. FME 2025.1 - Feature Highlights | Community

Will be following this conversation and contributing where I can.

It should work out of the box, i did encounter no problems with a valid pfx-certificate store.

After installation i was able to access the web ui via HTTPS and so the mandatory first admin account pw change did already happen in a secure way.

One issue could be a missing certificate chain, if your pfx container does contain a certificate from an internal (company) CA:
You’ll notice this the moment you’ll try to run a workspace from the UI and get an error message. (In the Apache logfile you’ll see some more error regarding the failed chain check.)

Then do the following:

1. Use https://keystore-explorer.org/ to open the keystore file <FMEFlowHome>\Utilities\jre\lib\security\cacerts → the password is “changeme”
2. Use the tool Examine → Examine SSL to retrieve root, intermediate and certificate from your FME Flow via its dns name and port 443
3. Then click on both root- and intermediate certificate once and import both. (No need to import the cert itself)
4. Safe the keystore
5. Restart FME Flow (or at least the FME Flow Application server service)

Then  “Run workspace” via UI should work.

(~ the procedure is also described in the official doc, only it does the same via the jre commandline tool keytool. I find using the Keystore Explorer much easier. This tool and a Notepad++ are the two mandatoy tools every FME Flow Admin should have at hand ;) )

If you have a CA certificate you need to modify a few config files. I didnt find it very straight forward to configure for HTTPS. See: https://docs.safe.com/fme/html/FME-Flow/AdminGuide/configuring_for_https.htm

An adjacent script I noticed is configureSSL.ps1 -  "C:\Program Files\FMEFlow\Utilities\configureSSL.ps1

Gives you option to revert the SSL configuration and update the certificate

Out of the installs I have completed, the only issue I had was that I entered a wrong password for one pfx. And then all FME Flow services were running after install but I was getting no UI. Check of the logs pointed it out and then back into the actual config file to change the password. 

I’m still using nginx in front of FME Flow as it means no https config for Flow. I just put the cert in nginx and let it reverse proxy FME Flow. We use windows, but I believe this is the recommended approach for Linux and is how FME Flow hosted is deployed.