The instructions available for using PFX (step 6 in this document https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/configuring_for_https.htm#Using) says to export as a Base-64 encoded X.509 (CER) file. Appears newer versions of Chrome and Edge only have following options. 
Which would I use instead of CER file and are there differences with importing with keytool into cacerts keystore?
Question
What format to export SSL Certificate as for FME server setup?
+3- Contributor
+54- Celebrity
The version of the certificate that you're trying to download only contain the public key, or in other words, those certificates can only be used to decrypt data.
FME requires a certificate that can both encrypt and decrypt data, which is what a PFX is. A PFX contains a public and private key. This type of cert is what is provided to you by the certification authority when you generate a certificate.
Assuming you're setting this up in a corporate/business environment, you're going to need to touch base with your IT department to get the correct certificate
+3- Contributor
hkingsbury wrote:
The version of the certificate that you're trying to download only contain the public key, or in other words, those certificates can only be used to decrypt data.
FME requires a certificate that can both encrypt and decrypt data, which is what a PFX is. A PFX contains a public and private key. This type of cert is what is provided to you by the certification authority when you generate a certificate.
Assuming you're setting this up in a corporate/business environment, you're going to need to touch base with your IT department to get the correct certificate
So, I already have a PFX certificate, which I was able to install successfully according to the document located in my post. I'm just not sure about step 6 from the "Using a PFX or P12 Certificate" section in that documentation (See below snippet for start of those instructions). Newer versions of Chrome/Edge don't give option of Base-64 encoded .CER files as type you can export as. Honestly, I don't know what Step 6 even accomplishes, as after the PFX was installed and configured opening the URL in browser accepted certificate as valid.
+10- Safer
dave_oppd wrote:
So, I already have a PFX certificate, which I was able to install successfully according to the document located in my post. I'm just not sure about step 6 from the "Using a PFX or P12 Certificate" section in that documentation (See below snippet for start of those instructions). Newer versions of Chrome/Edge don't give option of Base-64 encoded .CER files as type you can export as. Honestly, I don't know what Step 6 even accomplishes, as after the PFX was installed and configured opening the URL in browser accepted certificate as valid.
Hi @dave_oppd ,
This step is only needed if you are having trouble running jobs, and would only be necessary if the certificate was not a CA certificate since it wouldn't be in the FME Server Trust Store, but in most cases, your CA root will be in the Tomcat Keystore, and you will not need this step. To answer your question though Base 64 encoded ASCII format works the same in tomcat.
Reply
Rich Text Editor, editor1
Editor toolbars
Press ALT 0 for help
Helpful Members This Week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.