Skip to main content

Hello All, 

 

We use FME server 2021.2 as an integration platform and it is not configured for HTTPS. Organization internal systems call our FME workbenches via webhook.

 

ArcGIS Portal Feature Service Reader fetches data from ArcGIS portal feature service. It executes successfully most of the time but fails very intermittently causing data discrepancy between different systems. The failure message is:

 

ArcGIS Portal Feature Service Reader: SSL certificate verification failed for host 'xxxx.xxx.com'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: HTTPSConnectionPool(host='vgggg', port=443): Max retries exceeded with url: /portal/sharing/rest/generateToken (Caused by SSLError(SSLError("bad handshake: Error( ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
2025-03-05 11:15:58|   0.1|  0.0|INFORM|ArcGIS Portal Feature Service Reader: Getting item with ID 'c505638a9b14460f8267d0a7b562ee48'
2025-03-05 11:15:58|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error(h('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:02|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error(n('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:10|   0.1|  0.0|WARN  |DEBUG: urllib3.connectionpool Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error( ('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y
2025-03-05 11:16:10|   0.1|  0.0|WARN  |ArcGIS Portal Feature Service Reader: SSL certificate verification failed for host 'xxxxxx'. HTTPS connections may not be secure. Disabling verification of SSL certificates. Message: HTTPSConnectionPool(host='xxxxxx', port=443): Max retries exceeded with url: /portal/sharing/content/items/c505638a9b14460f8267d0a7b562ee48?f=json&token=zxjZP5xyNXf8i2m7SWH-vW9yqvZjcFufnyzxlEerY2gfFc_u9kXfNo6z6BL7NwgwCF6ohlIXU-ANZ5oEf2cBQGFP3Tt49sRuZ-ohWSgrX0_5SoJ5O2CnuzvLkQW6InQwjp4pXSRNqT6FKwca_2hthSuoSjAaxQjZhjs9xndfO4o6dFhH4aCxm7Slloh8VY5y (Caused by SSLError(SSLError("bad handshake: Error(b('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

 

I saw a similar post - 

  • Do we need import portal self signed certificate on to the windows server trusted authorities?
  • Is any other configuration needed when a request is to be made to ArcGIS enterprise?

Thanks,

Naveen

Just confirming that this is FME calling Enterprise?

It’s interesting that it works most of the time, then fails other times. I’d expect something like this to be a bit more ‘binary’ - it either works or it doesn’t.

I’m assuming you’re using an internal DNS name - gis.company.com. Do you get the same issues when using the FQDN?

Adding the self signed cert to the trusted store shouldn’t make anything worse. In my view it’s worth trying


@hkingsbury - Yes. Enterprise. 

Yes. added the certificates at all places.

Safe support team has requested to make changes to FMEServerconfig as below. After this, it looks like we are not seeing the SSL Handshake warning message, but I did notice that few jobs execution times have gone up...from (2-4 seconds) to (7-9 seconds). 

MAX_TRANSACTION_RESULT_SUCCESSES=1
MAX_TRANSACTION_RESULT_FAILURES=1

MAX_FAILED_TRANSACTION_REQUEST_RETRIES = 3

 


Reply