Skip to main content
Solved

How do I get FME to select the right cert for Client Cert Authentication to server?

robotix
Contributor
Forum|alt.badge.img+10

Part of the handshake is described as:

Upon receiving the Server Hello containing the Client Certificate request & list of Distinguished CA names, the client will perform the following steps:

  • The client uses the CA list available in the SERVER HELLO to determine the mutually trusted CA certificates.
  • The client will then determine the Client Certificates that have been issued by the mutually trusted Certification Authorities.
  • The client will then present the client certificate list to the user so that they can select a certificate to be sent to the Server.

So the last part of this states the cert list is provided to the user so they can select the cert to sent to the server. In this case the user is FME. How does it select which cert to pass to the server?

 

Best answer by robotix

I ended up using a python caller to specify the certificate to send with the request.

This is the basic syntax I used:

 

# import requests module

import requests

 

# Making a get request

requests.get('https://webaddress.org', cert=('/path/client.cert', '/path/client.key'))

 

I was then able to process the response in other transformations.

 

View original
    Did this help you find an answer to your question?

    6 replies

    daraghatsafe
    Forum|alt.badge.img

    Hi @robotix​ thank you for your question. I reached out to the team for some help on this one. Are you able to clarify what you are doing in FME?

    Are you publishing a workspace to FME Server?

    Using an FME Server web connection, for example from an HTTPCaller?

    Using a transformer such as an FMEServerJobSubmitter?

    Thanks, Daragh

    robotix
    Contributor
    Forum|alt.badge.img+10
    • robotixContributor
    • Author
    • Contributor
    • March 31, 2021

    Hello @daraghbroderick,

    I was trying to communicate with a vendor API that required client authentication and required that the certificate be sent. This is in workspace published to FME server. I couldn't find a way for the HTTP caller to specify which certificate to grab. It kept trying to send the first cert with the right CA auth. Apparently there is some hidden magic in the way certificates are stored and retrieved in windows and with java.

    I ended up using a python caller to specify the certificate to send with the request.

    This is the basic syntax I used:

     

    # import requests module

    import requests

     

    # Making a get request

    requests.get('https://webaddress.org', cert=('/path/client.cert', '/path/client.key'))

     

    I was then able to process the response in other transformations.

    This matter is closed for me. It would be nice to know if there are alternative approaches though.

    Thank you!

    robotix
    Contributor
    Forum|alt.badge.img+10
    • robotixContributor
    • Author
    • Contributor
    • Best Answer
    • March 31, 2021

    I ended up using a python caller to specify the certificate to send with the request.

    This is the basic syntax I used:

     

    # import requests module

    import requests

     

    # Making a get request

    requests.get('https://webaddress.org', cert=('/path/client.cert', '/path/client.key'))

     

    I was then able to process the response in other transformations.

     

    richardatsafe
    Safer
    Forum|alt.badge.img+10

    Hi @robotix​ ,

     

    I'm glad you have a workaround. We unfortunately don't have anything that can do this in the HTTPCaller yet, however, if this is important to you please post the idea for the "HTTPCaller to specify client certificates" on our Idea's page. Voted up ideas greatly impact which enhancements we work on next!

    martinkoch
    Supporter
    Forum|alt.badge.img+18
    • martinkochSupporter
    • Supporter
    • April 20, 2022

    As I have the same need, and have not yet found an entry on the Idea's page, I added one..

     

    https://community.safe.com/s/bridea/a0r4Q00000I0pb2QAB/httpcaller-to-specify-client-certificates

     

    Please vote if you stumble upon this page...

    martinkoch
    Supporter
    Forum|alt.badge.img+18
    • martinkochSupporter
    • Supporter
    • September 17, 2024

    Idea seems to have moved to
     

    Again, have a client in need of this functionality, preferring it natively in FME.

    Reply


    Helpful Members This Week

    Community Stats

    30,985
    Posts
    117,436
    Replies
    38,764
    Members

    Latest FME

    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings
    A product of
    Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.