Importing a CA Certificate for SSL Connections

To authenticate SSL connections using a CA certificate, import the certificate and instruct FME Flow to add it to the list of trusted certificates.

  1. Make a backup of the current list of trusted Certificate Authorities:

    2. <FMEFlowDir>/Utilities/jre/lib/security/cacerts

  2. Obtain your RootCA certificate as a .cer file:

    3. http://<domain-controller>/certsrv/certcarc.asp > 'install this CA certificate'

    Or, contact your domain administrator

  3. Add the certificate to the list of trusted ones:
    • Linux:

      • Open the command terminal and issue the following commands:

      cd <FMEFlowDir>/Utilities/jre

      ./bin/keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore ./lib/security/cacerts

    • Windows:

      • Launch cmd.exe and issue the following commands:

      cd <FMEFlowDir>\Utilities\jre

      bin\keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore

      lib\security\cacerts

      When prompted for keystore password, default is changeit.

      When prompted to trust certificate, answer yes.

    Where:

    • <rootca-alias> is the custom alias for the certificate.
    • <cer-file> is the path to the .cer file downloaded in step 2.
  4. Restart FME Flow.