Hi all,
I have an issue in getting the certificate to work for HTTPS URL of FME Server.
I have used this URL as reference: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/configuring_for_https.htm
I did use these steps to create Keystore:
• Open a command prompt as administrator and navigate to the Java bin directory (C:\\Program Files\\FMEServer\\Utilities\\jre\\bin )
• Run the following command to create a new keystore file:
keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
• After running the previous command, you are prompted to set a password for the new keystore and specify the server domain name (for example, myserver.mydomain (My FME Server) as your first and last name.
• Password: mypass
• When prompted for the password for the alias <tomcat>, press RETURN.
• A new keystore is created in C:\\Program Files\\FMEServer\\Utilities\\jre\\bin\\
• Copy the new keystore file to the tomcat directory in the FME Server installation: C:\\Program Files\\FMEServer\\Utilities\\tomcat\\
For Certificate I did tried to use different ways.
Way1: CA-issued certificate:
1. Generate a certificate signing request (CSR):
keytool -certreq -keyalg RSA -alias tomcat –file certreq.csr -keystore tomcat.keystore
2. Submit the CSR (certreq.scr) to your CA to obtain a certificate, issued a certificate (export from CA)
3. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file TomcatCer.cer
Way2: I’ve also tried this way after unsuccessful process, because I was thinking the problem is with certificate, so I remove Keystore, recreate it and I’ve done following steps. (After I’ve done the whole process and it was unsuccessful, I did this)
1. Export valid certificate which I had on that server
2. Import the certificate into the keystore. Depending on the web application server, you may also need to import a root certificate (consult your web application or CA's instructions).
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file GoDady.cer
Configure Tomcat
I’ve also done the configuration based on document on these three XMLs and I think its ok, because except certificate issue, I don’t have any issue.
• Configure server.xml
• Configure web.xml
• Configure context.xml
And finally I’ve modified Service URLs to Use HTTPS on FME Server.
But I’m getting this error and I couldn’t find a way around this ( I did try two ways of configuring certificate as I explained)
I clicked on invalid certificate and I can see all the setting I’ve done when I was creating keystore.
So it looks like its not having valid certificate.
Just wondering what am I missing and what should I do to fix the issue? Thanks.
