Configuring FME Flow for HTTPS

Richard Mosley
Richard Mosley
  • Updated

Introduction

You may wish to configure your FME Flow (formerly FME Server) for HTTPS so that communication between the client and server is encrypted. This setup requires you to import a certificate into your FME Flow Web Application Server. 

Before you get started please reach out to your IT team to see what certificate options are available to you as this will determine which set of instructions to follow. We have provided configuration steps for three certificate types. 

The first method requires you to generate a certificate signing request from FME Flow, which can then be used by your IT team to create a CA certificate with the .cer or .crt extensions. 

The second method should be used when your IT team has already provided you with a certificate that uses the .pfx or .p12 extension. If you have been given a certificate with another extension type, such as .pem or .pb7 you’ll need to convert it to .pfx before following these instructions.   

Lastly, if you do not have access to an authorized certificate you can configure your FME Flow to use a self-signed certificate instead. Please note that we do not recommend this option if you are working with a production environment. 
 

Step-by-step Instructions (Windows)

 

FME Flow 2022.0 Linux

As of 2022.0, Linux FME Flows now include Nginx as a reverse proxy. This makes SSL configuration easier to manage. Please follow the documentation for the steps. If you have an older installation, please follow the Windows steps above. 

 

Updating an Expired Certificate

All certificates have an expiration date and once this has passed, you will still be able to access FME Flow via HTTPS however you will not be able to submit jobs to run via the Web UI. For instructions on how to update each certificate type see

 

 Upgrading FME Flow

The HTTPS configuration is not included in the backup/restore therefore when upgrading FME Flow you’ll need to repeat this configuration from scratch following the article relevant to your certificate type. 

Note: Before uninstalling FME Flow it might be helpful to make a copy of the files manually altered during HTTPS configuration. These files should not be used again but are a helpful reference.

<FMEFlowDir>\Utilities\tomcat\conf\server.xml
<FMEFlowDir>\Utilities\tomcat\conf\web.xml
<FMEFlowDir>\Utilities\tomcat\conf\context.xml
<FMEFlowDir>\Server\fmeWebSocketConfig.txt
<FMEFlowDir>\Server\config\subscribers\websocket.properties
<FMEFlowDir>\Server\config\publishers\websocket.properties
<FMESharedResourceDir>\localization\publishers\websocket\publisherProperties.xml
<FMESharedResourceDir>\localization\subscribers\websocket\subscriberProperties.xml

 

Troubleshooting

If you are experiencing issues please consult our FME Flow and HTTPS troubleshooting Guide, if this does not resolve your problem then contact Safe Software Support.  

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.