HTTPS ensures that communication between the client and server is encrypted, so that if it is intercepted, the third party cannot easily view or use the information. For FME Server, you can use HTTPS to ensure that sensitive login information is not exposed. This is especially important if you are using the Active Directory integration.
To enable SSL support:
To enable SSL for a service, open the FME Server Web User Interface, click Services, and click the desired service in the table.
The Editing Service page opens.
In the URL field, change HTTP to HTTPS, and modify the port number, if required. Typically SSL is configured on either port 8443 or 443.
If you are updating the Catalog Service to use HTTPS, you must also edit a configuration file deployed with the catalog service in the application server. The location of this file depends on the type of web application server you are using. The steps below describe how to do this for the default Apache Tomcat server that ships with FME Server.
FMESERVER_URL to the appropriate SSL URL. For example, from:
FMESERVER_URL=http://MYFMESERVER:80
to:
FMESERVER_URL=https://MYFMESERVER:443
Note: You may omit the “443” port designator here. Port 443 is the SSL default.
The steps for setting up SSL vary between application servers. The following example provides steps for setting up SSL for Apache Tomcat 7, using self-signed certificates.
For development and testing purposes, self-signed certificates are supported. For production use, we recommend that you use SSL certificates from a verified SSL certificate authority.
For any HTTPS (SSL) page, a certificate is required. First, you must generate a keystore that contains a certificate chain using the keytool command from the Java Development Kit (JDK).
To set up SSL for Apache Tomcat 7 using self-signed certificates, follow these steps:
Type the following command:
keytool -genkey -alias tomcat -keyalg RSA
If your path is not set to the Java bin directory, navigate to that directory and type the appropriate command.
Note: A JDK must be installed to use the keytool command.
A message prompts you to enter a keystore password.
Enter a password for the keystore.
Enter the required details, shown here:
A message prompts you to enter the alias password, which must be the same as the keystore password.
Enter the same password you entered in step 3.
A keystore is generated in the following location:
<drive>:\Users\<username>\.keystore
Copy the .keystore file to the Tomcat directory, and then copy the path to the file.
If you are using the default web application included with FME Server, Tomcat is located at:
<FME Server Install DIR>\Utilities\tomcat
Open the server.xml file:
<TomcatDir>\conf\server.xml
Locate the Connector code block, and replace it with the following:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" minSpareThreads="5"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Program Files\FMEServer\Utilities\tomcat\.keystore"
keystorePass="<your_password>"
clientAuth="false" sslProtocol="TLS" />
Change the Listener className line (found near the beginning of the file) to how it is written below:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine='off'/>
Open a browser and navigate to https://localhost:<port>. If you used the same port as specified in Step 8, <port> is 443.
This should show you the same Tomcat home page, but in a secured format.