Configuring for HTTPS

Note: The task described here should be undertaken by advanced users only. Before proceeding, consider your options for alternative solutions until you are certain you wish to proceed. For additional resources, consult the FME Community or FME Support.

  • Skill Level: Advanced
  • Estimated Time Required: 45-60 minutes
  • Prerequisites:
    • Test jobs and services to ensure FME Server is fully functional. For more information, see:
    • Familiarity with the Certificate Authority (CA) instructions from your certificate provider, particularly for generating the Certificate Signing Request (CSR).

    • (Recommended) Familiarity with your web application server's SSL configuration and certificates. (Apache Tomcat is the servlet for an Express or Fault-Tolerant installation of FME Server, and as an option with certain Distributed installations.)
    • (Recommended) Access to the person who generates your certificates.

Note: If using Microsoft IIS Application Request Routing (ARR), refer to this FME Community article.

Configuring for HTTPS

HTTPS ensures that communication between the client and server is encrypted, so that if it is intercepted, a third party cannot easily view or use the information. You can use HTTPS with FME Server to ensure that sensitive login information is not exposed.

The following are two supported methods for securing FME Server with HTTPS. For alternative methods, such as using a self-signed certificate, see Configuring FME Server for HTTPS in the FME Community.

Note: The following instructions provide steps for setting up SSL for Apache Tomcat, which is the application server included with an Express or Fault-Tolerant installation of FME Server, and as an option with certain Distributed installations. Instructions to set up SSL on different web application servers vary.

For more information about configuring Apache Tomcat for HTTPS, or if you are using a different version of Apache Tomcat, see the documention for your version on http://tomcat.apache.org/.

Using a CA-issued Certificate

This method requires you to generate a certificate signing request from FME Server, which your IT team can use to create a CA certificate with the .cer or .crt extensions. If the certificate uses the .pfx extension, follow Using a PFX or P12 Certificate (below) instead.

Using a PFX or P12 Certificate

Use these instructions to configure your FME Server for HTTPS using a .pfx or .p12 certificate obtained from a Certificate Authority (CA). If you do not have a certificate, follow the instructions for Using a CA-issued Certificate (above) instead.

See Also