HTTPS Configuration error ‘data isn’t an object ID (tag = 48)’

Richard Mosley
Richard Mosley
  • Updated
Known Issue ID FMESERVER-17624
Discovered All Versions
Affects All Versions
Resolved N/A

Symptom

After configuring FME Server for HTTPS the Web UI is not responsive and you see the following error in the Catalina log.

data isn't an object ID (tag = 48)


Or errors indicating algorithms are not available, for example:

java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available

 

Cause 

AES Algorithms are not supported by FME, which uses Java Runtime Environment 8.

 

Resolution

The current solution is to make sure the AES algorithm is not used in the certificate. RSA algorithms are a good option. Follow the steps below to convert your certificate to use a different algorithm.

1. Double-click the certificate(s) to open the Import Wizard and import the certificates into the Windows Certificate Manager. Mark the key as exportable.

Mark the Key as Exportable

2. Since this is temporary, you can import them wherever is convenient. The Personal store is ok. 
Personal Cert Store

3. Once the certificates are imported, Open the Certificate Manager and export them. Make sure to select the server certificate as well as the intermediary and root certificated if they are present.
Export

5. In the Export Wizard, choose “Yes, export the private key”. 
Export PK

6. Select the .PFX format
Export PFX

7. Enter the password and choose Encryption as TripleDES-SHA1. In some cases, the encryption may not be an option. Please proceed anyway as the default is usually TripleDES-SHA1.  
Enter password

8. Specify a new name and finish exporting the certificate. Use the new .pfx certificate in FME Server. See Configuring FME Server for HTTPS: Using a PFX or P12 Certificate

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.