Introduction
You may wish to configure your FME Flow (formerly FME Server) for HTTPS so that communication between the client and server is encrypted. This setup requires you to import a certificate into your FME Flow Web Application Server.
Before you get started, please contact your IT team to see what certificate options are available to you. This will determine which set of instructions to follow. We have provided configuration steps for three certificate types.
The first method requires you to generate a certificate signing request from FME Flow, which your IT team can then use to create a CA certificate with the .cer or .crt extensions.
The second method should be used when your IT team has already provided you with a certificate that uses the .pfx or .p12 extension. If you have been given a certificate with another extension type, such as .pem or .pb7, you’ll need to convert it to .pfx before following these instructions.
Lastly, if you do not have access to an authorized certificate, you can configure your FME Flow to use a self-signed certificate instead. Please note that we do not recommend this option if you are working in a production environment.
Step-by-step Instructions (Windows)
- Using a CA Certificate (.cer or .crt)
- Using a PFX or P12 Certificate
- Using a Self-signed Certificate
- Using a Key File and .CER Certificate
FME Flow 2022.0 Linux
As of 2022.0, Linux FME Flows now includes Nginx as a reverse proxy, making SSL configuration easier to manage. Please follow the documentation for the steps. If you have an older installation, please follow the Windows steps above.
Updating an Expired Certificate
All certificates have an expiration date. Once this has passed, you can still access FME Flow via HTTPS; however, you cannot submit jobs to run via the Web UI. For instructions on how to update each certificate type, see our guide Updating an expired Certificate.
Upgrading FME Flow
The HTTPS configuration is not included in the backup/restore; when upgrading FME Flow, you’ll need to repeat this configuration from scratch following the article relevant to your certificate type.
Note: Before uninstalling FME Flow it might be helpful to make a copy of the files manually altered during HTTPS configuration. These files should not be used again but are a helpful reference.
<FMEFlowDir>\Utilities\tomcat\conf\server.xml
<FMEFlowDir>\Utilities\tomcat\conf\web.xml
<FMEFlowDir>\Utilities\tomcat\conf\context.xml
<FMEFlowDir>\Server\fmeWebSocketConfig.txt
<FMEFlowDir>\Server\config\subscribers\websocket.properties
<FMEFlowDir>\Server\config\publishers\websocket.properties
<FMESharedResourceDir>\localization\publishers\websocket\publisherProperties.xml
<FMESharedResourceDir>\localization\subscribers\websocket\subscriberProperties.xml
Troubleshooting
If you are experiencing issues please consult our FME Flow and HTTPS troubleshooting Guide, if this does not resolve your problem then contact Safe Software Support.
Comments
0 comments
Please sign in to leave a comment.