Skip to main content
  • EN

Hello All, 

 

We use FME server 2021.2 as an integration platform and it is not configured for HTTPS. Organization internal systems call our FME workbenches via webhook.

 

ArcGIS Portal Feature Service Reader fetches data from ArcGIS portal feature service. It executes successfully most of the time but fails very intermittently causing data discrepancy between different systems. The failure message is:

 

ArcGIS Portal Feature Service Reader: SSL certificate verification failed for host 'xxxx.xxx.com'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: HTTPSConnectionPool(host='vgggg', port=443): Max retries exceeded with url: /portal/sharing/rest/generateToken (Caused by SSLError(SSLError("bad handshake: Error( ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
2025-03-05 11:15:58|   0.1|  0.0|INFORM|ArcGIS Portal Feature Service Reader: Getting item with ID 'c505638a9b14460f8267d0a7b562ee48'
2025-03-05 11:15:58|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error(h('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:02|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error(n('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:10|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error( ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:10|   0.1|  0.0|WARN  |ArcGIS Portal Feature Service Reader: SSL certificate verification failed for host 'xxxxxx'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: HTTPSConnectionPool(host='xxxxxx', port=443): Max retries exceeded with url: /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y (Caused by SSLError(SSLError("bad handshake: Error(b('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

 

I saw a similar post - 

  • Do we need import portal self signed certificate on to the windows server trusted authorities?
  • Is any other configuration needed when a request is to be made to ArcGIS enterprise?

Thanks,

Naveen

Just confirming that this is FME calling Enterprise?

It’s interesting that it works most of the time, then fails other times. I’d expect something like this to be a bit more ‘binary’ - it either works or it doesn’t.

I’m assuming you’re using an internal DNS name - gis.company.com. Do you get the same issues when using the FQDN?

Adding the self signed cert to the trusted store shouldn’t make anything worse. In my view it’s worth trying

@hkingsbury - Yes. Enterprise. 

Yes. added the certificates at all places.

Safe support team has requested to make changes to FMEServerconfig as below. After this, it looks like we are not seeing the SSL Handshake warning message, but I did notice that few jobs execution times have gone up...from (2-4 seconds) to (7-9 seconds). 

MAX_TRANSACTION_RESULT_SUCCESSES=1
MAX_TRANSACTION_RESULT_FAILURES=1

MAX_FAILED_TRANSACTION_REQUEST_RETRIES = 3

 

Reply


Community Stats

31,756
Posts
120,637
Replies
39,380
Members

Latest FME

Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.