HTTPS ensures that communication between the client and server is encrypted, so that if it is intercepted, the third party cannot easily view or use the information. For FME Server, you can use HTTPS to ensure that sensitive login information is not exposed. This is especially important if you are using the Active Directory integration.
To enable SSL support:
To enable SSL for a service, open the FME Server Web User Interface, click Services, and click the desired service in the table.
The Editing Service page opens.
In the URL field, change HTTP to HTTPS, and modify the port number, if required. Typically SSL is configured on either port 8443 or 443.
The steps for setting up SSL vary depending on the application server and the method used. The following example provides steps for setting up SSL for Apache Tomcat 7, using self-signed certificates.
For development and testing purposes, self-signed certificates are supported. For production use, we recommend that you use SSL certificates from a verified SSL certificate authority.
For any HTTPS (SSL) page, a certificate is required. First, you must generate a keystore that contains a certificate chain using the keytool command from the Java Development Kit (JDK).
To set up SSL for Apache Tomcat 7 using self-signed certificates, follow these steps:
Type the following command:
keytool -genkey -alias tomcat -keyalg RSA
If your path is not set to the Java bin directory, navigate to that directory and type the appropriate command.
Note: A JDK must be installed to use the keytool command.
A message prompts you to enter a keystore password.
Enter changeit.
You can choose a different keystore password; however, if you do, you must make some changes later.
Enter the required details, shown here:
A message prompts you to enter the alias password, which must be the same as the keystore password.
Enter the same password you entered in step 3.
A keystore is generated in the following location:
<drive>:\Users\<username>\.keystore
where <drive> is C: and <username> is hnguyen.
Copy the .keystore file to the Tomcat directory, and then copy the path to the file.
If you are using the default web application included with FME Server, Tomcat is located at:
<FME Server Install DIR>\Utilities\tomcat
Open the server.xml file:
<TomcatDir>\conf\server.xml
Locate the Connector code block, and replace it with the following:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" minSpareThreads="5"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0 2010 beta\conf\.keystore"
keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" />
In Tomcat's server.xml file, change the Listener className line (found at the beginning of the file) to the following:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off"/>
Open a browser and navigate to https://localhost.
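This should show you the same Tomcat home page, but served over a secured (HTTPS) connection. Because the certificate is self-signed, the browser warns that it is not trusted.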
Note: If you use port 443 in your Tomcat server.xml file, you're able to omit the port number in your URL links; that is, you only need to type https://localhost.
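The following check for an edited server.xml is an added example, not part of the original instructions or of FME Server. It reports Connectors still serving plain HTTP and SSL Connectors that keep the changeit keystore password used in the steps above; the sample XML, its keystore path, and the finding names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS Connector from the steps above (placeholder
# keystore path) next to a plain HTTP Connector.
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector protocol="org.apache.coyote.http11.Http11Protocol"
               port="443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\example\tomcat\conf\.keystore"
               keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def audit_connectors(server_xml, production=True):
    """Return (port, finding) tuples for the Connector elements in server_xml."""
    findings = []
    seen_ssl = False
    for c in ET.fromstring(server_xml).iter("Connector"):
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() != "true":
            # AJP connectors are not browser-facing; anything else is plain HTTP.
            if "ajp" not in c.get("protocol", "HTTP/1.1").lower():
                findings.append((port, "plain-http-connector"))
            continue
        seen_ssl = True
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme-or-secure-not-set"))
        if c.get("keystoreFile") is None:
            # Tomcat then looks for .keystore in the home directory of the
            # user that runs it.
            findings.append((port, "keystorefile-not-set"))
        # Tomcat assumes "changeit" when keystorePass is absent, so a missing
        # attribute is treated the same as the default value.
        if production and c.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "default-keystore-password"))
    if not seen_ssl:
        findings.append((None, "no-ssl-connector"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Pass production=False on a development machine to accept the default keystore password while still reporting the other findings.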