Just want to confirm when the Windows version of FME Desktop 2019.0 sends https connections from httpcaller, does it use the Windows Certificate Store or the CA Root Certificates from Mozilla?
I have the impression that the Windows version is using the Windows Certificate Store. However, I saw the message "added 135 certificate(s) from CA file 'C:\\Program Files\\FME\\ssl/cacert.pem'"
Â
Thanks,
Â
Best answer by nampreetatsafe
Hi @jingking! This is honestly not my expertise, but I was able to put together some information from my fellow Safers to hopefully answer your question.
On Windows machines, the HTTPCaller uses Windows Certificate Store. This means that you can add your own certificates (including CA Root Certificates) to the store and HTTPCaller will use them.
CA Roots Certificates are provided by Mozilla, and libcurl checks these as well. However, we are considering disabling them on Windows as FME should probably only rely on the OS provided certificate storage.
I hope this helps.
+13Hi @jingking! This is honestly not my expertise, but I was able to put together some information from my fellow Safers to hopefully answer your question.
On Windows machines, the HTTPCaller uses Windows Certificate Store. This means that you can add your own certificates (including CA Root Certificates) to the store and HTTPCaller will use them.
CA Roots Certificates are provided by Mozilla, and libcurl checks these as well. However, we are considering disabling them on Windows as FME should probably only rely on the OS provided certificate storage.
I hope this helps.
+13Hi @jingking! This is honestly not my expertise, but I was able to put together some information from my fellow Safers to hopefully answer your question.
On Windows machines, the HTTPCaller uses Windows Certificate Store. This means that you can add your own certificates (including CA Root Certificates) to the store and HTTPCaller will use them.
CA Roots Certificates are provided by Mozilla, and libcurl checks these as well. However, we are considering disabling them on Windows as FME should probably only rely on the OS provided certificate storage.
I hope this helps.
FYI: The Mozilla Certificate package on Windows will be disabled by about FME 2019.1.1 as it was causing other issues (i.e. https://knowledge.safe.com/questions/94899/issues-with-mitm-proxy.html).
FYI: The Mozilla Certificate package on Windows will be disabled by about FME 2019.1.1 as it was causing other issues (i.e. https://knowledge.safe.com/questions/94899/issues-with-mitm-proxy.html).
Thanks! That's make sense. I have to disable the SSL certificate check when using 2019.0.
