Question

Internal web site does not have certificate. how to bypass the step to upload Base-64 encoded X.509 (.CER) and local PFX cert directly?

  • 13 December 2022
  • 1 reply
  • 17 views

Hi,

My organisation provided me a CA signed PFX certificate.

I have followed the step-by-step guide to update server.xml, web.xml and content.xml, etc.

I am able to restart the FME server service.

However, when I use https://locahost/ or https://<server name>/fmeserver/

I contantly get the message "This is site can't provide a secure connection", and ERR_SSL_PROTOCOL_ERROR.

click the (i) at the URL address bar shows NO certificate.

I checked the other internal site, it states "This site does not have certificate."

I couldn't complete the export and import Base-64 encoded X.509 cer file.

How can I move forward from here to complete the HTTPS enabling?

Thanks

Helen


1 reply

Badge +7

Hi @defence_hyang‚Äč, is this the article that you followed?

https://community.safe.com/s/article/Configuring-FME-Server-for-HTTPS-Using-a-PFX-Certificate

If you are using a wild-card certificate that can be used on multiple sub-domains, then you need to enter the full domain (for example, https://www.mysite.myorg.net/fmeserver) - localhost won't work.

You should be able to download the certificate from the browser and import it into FME Server's trusted certs as per the article linked above. The article used Chrome as an example, which has changed a bit since it was written (we plan to update it). If you do not see an option to download the 'Base-64 encoded X.509' cer file, download the base-64 ascii crt instead and import that into FME Server's trusted certs.

Reply