Configuring for HTTPS

Note  The task described here should be undertaken by advanced users only. Before proceeding, consider your options for alternative solutions until you are certain you wish to proceed. For additional resources, consult the FME Community or FME Support.
  • Skill Level: Advanced
  • Estimated Time Required: 45-60 minutes
  • Prerequisites:
    • Test jobs and services to ensure FME Flow is fully functional. For more information, see Verify the Installation

    • Familiarity with the Certificate Authority (CA) instructions from your certificate provider, particularly for generating the Certificate Signing Request (CSR).

    • (Recommended) Familiarity with your web application server's SSL configuration and certificates. (Apache Tomcat is the servlet for an Express or Fault-Tolerant installation of FME Flow, and as an option with certain Distributed installations.)
    • (Recommended) Access to the person who generates your certificates.
Note  If using Microsoft IIS Application Request Routing (ARR), refer to this FME Community article.

Configuring for HTTPS

HTTPS ensures that communication between the client and server is encrypted, so that if it is intercepted, a third party cannot easily view or use the information. You can use HTTPS with FME Flow to ensure that sensitive login information is not exposed.

The following are two supported methods for securing FME Flow with HTTPS. For alternative methods, such as using a self-signed certificate, see Configuring FME Flow for HTTPS in the FME Community.

Note  The following instructions provide steps for setting up SSL for Apache Tomcat, which is the application server included with an Express or Fault-Tolerant installation of FME Flow, and as an option with certain Distributed installations. Instructions to set up SSL on different web application servers vary.

For more information about configuring Apache Tomcat for HTTPS, or if you are using a different version of Apache Tomcat, see the documention for your version on https://tomcat.apache.org/.

Using a CA-issued Certificate

This method requires you to generate a certificate signing request from FME Flow, which your IT team can use to create a CA certificate with the .cer or .crt extensions. If the certificate uses the .pfx extension, follow Using a PFX or P12 Certificate (below) instead.

  1. Create a Keystore Generation Script

    2. Open a text editor and copy the example script below, replacing the argument values with your own.

    Note  The storepass and keypass arguments must be the same and at least 6 characters.

    keytool -genkey -noprompt -keyalg RSA -keystore tomcat.keystore -alias <alias> -dname "<dname>" -storepass <storepass> -keypass <keypass> -ext san="<san>" -deststoretype pkcs12

    Argument

    Description
    genkey The keytool program command to generate a new keystore.
    noprompt

    Using this argument in the command removes any interaction with the user.
    keyalg The algorithm to generate a private/public key pair.

    keystore

    		 The keystore file name.
    deststoretype Keystore type, pkcs12 or jks.
    dname The CN name, Organization Unit, Organization, Location (city), State, and two-letter country code. The distinguished name is a set of values used to create the certificate and should be entered as you would like them to be presented to FME Flow users and visitors.
    storepass, keypass The password of the key and keystore. The value must be a minimum of six characters and must be the same for both arguments.
    ext san The subject alternative name is a structured way to indicate all of the domain names and IP addresses that are secured by the certificate.
    alias The name of the key inside the keystore being created.

    Example:

    keytool -genkey -noprompt -keyalg RSA -keystore tomcat.keystore -alias tomcat -dname "CN=fmeflow.example.org, OU=support, O=SafeSoftware, L=Surrey, S=BC, C=CA" -storepass password1 -keypass password1 -ext san="dns:fmeflow.example.org,dns:fmeflow" -deststoretype pkcs12

  2. Run the Keystore Generation Script
    1. Open a command prompt as administrator and navigate to the FME Flow installation Java bin directory:

      2. cd <FMEFlowDir>\Utilities\jre\bin\

      Where <FMEFlowDir> is the location of the FME Flow installation folder.

    2. Execute the command created in step 1.
  3. Generate a Certificate Signing Request (CSR)

    4. In the command prompt, remain in <FMEFlowDir>\Utilities\jre\bin\ and run:

    keytool -certreq -keyalg RSA -alias <alias> -file <filename> -keystore tomcat.keystore -ext san="<san>"

    Specify the certificate signing request path to the <filename>, and update <alias> and <san> to match that set in step 1.

    Example:

    keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore tomcat.keystore -ext san="dns:fmeflow.example.org,dns:fmeflow"

  4. Obtain a Certificate

    5. Submit the CSR (for example, certreq.csr) generated in step 3 to your CA to obtain a certificate, according to your CA's instructions.

  5. Import the Certificate into the Keystore

    6. If you have multiple certificates, install them in the following order, and be sure to update the alias and certificate path for each.

    1. Import the root certificate (if you have one):

      2. keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file <path/certificate_filename>

    2. Import the intermediate certificate (If you have one):

      3. keytool -import -alias intermediate -keystore tomcat.keystore -trustcacerts -file <path/certificate_filename>

    3. Import the certificate:

      4. keytool -import -alias <alias> -keystore tomcat.keystore -trustcacerts -file <path/certificate_filename>

      Note  Use the same <alias> specified in step 1.
  6. Import the Keystore into FME Flow's trusted certs

    7. In a command prompt, from <FMEFlowDir>\Utilities\jre\bin\, use the following command to import the keystore into FME Flow's trusted certs, specifying the srcstorepass argument with the password from step 1.

    keytool -importkeystore -noprompt -srckeystore tomcat.keystore -destkeystore "<FMEFlowDir>\Utilities\jre\lib\security\cacerts" -deststorepass changeit -srcstorepass <password>

    Note  Ignore the warning that the destination type must default to jks.
  7. Back up the Tomcat XML Configuration Files

    8. Navigate to <FMEFlowDir>\Utilities\tomcat\conf and make backups of server.xml, web.xml, and context.xml. We recommend this step so that you can easily revert the configuration at any point if necessary.

  8. Configure server.xml
    1. Run a text editor as an administrator and open server.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Locate the SSLEngine setting in the <Listener> element, including className="org.apache.catalina.core.AprLifecycleListener" and change the "on" value to "off".
    3. Locate the <Connector> element that contains protocol="org.apache.coyote.http11.Http11NioProtocol" and replace the entire element with:

      4. Copy 
      <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="443"
      minSpareThreads="5"
      enableLookups="true"
      disableUploadTimeout="true"
      acceptCount="100"
      maxThreads="200"
      maxHttpHeaderSize="16384"
      scheme="https"
      secure="true"
      SSLEnabled="true"
      maxParameterCount="1000"
      keystoreFile="<file>"
      keystorePass="<password>"
      clientAuth="false" sslEnabledProtocols="TLSv1.1,TLSv1.2"
      sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
      ciphers="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA"
      URIEncoding="UTF8" />

      <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>

      Make sure to update the keystoreFile and keystorePass parameters to the keystore location and password set in step 1. For an example, see this server.xml reference. If the password contains invalid XML characters < > “ ' &, they must be escaped.

      Note  
      • To disable TLS 1.1, remove TLSv1.1, from the sslEnabledProtocols setting.
      • The list of ciphers is not exhaustive. If your certificate was generated with a different algorithm, the applicable cipher must be added. Any algorithms not in use can be safely removed from this list. For a full list of ciphers supported by Tomcat, see the Apache Tomcat 9.0.69 API Documentation.
    4. (Optional) To change the port for HTTPS communication, change 443 to the desired port, for both the port and redirectPort directives.
    5. Save and close the server.xml file.
  9. Configure web.xml
    1. Open web.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Add the following code block to the end of the file, just before the closing </web-app> element:

      3. <security-constraint>

      <web-resource-collection>

      <web-resource-name>HTTPSOnly</web-resource-name>

      <url-pattern>/*</url-pattern>

      </web-resource-collection>

      <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

      </security-constraint>

    3. Save and close the web.xml file.
  10. Configure context.xml
    1. Open context.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Add the following to the end of the file, just before the closing </context> element:

      3. <Valve className="org.apache.catalina.authenticator.SSLAuthenticator" disableProxyCaching="false" />

    3. Save and close the context.xml file.
  11. Update the FME Flow Web URL to Use HTTPS

    12. a. Run a text editor as an administrator and open fmeFlowConfig.txt.

    b. Update the FME_SERVER_WEB_URL directive by changing http to https and change the port to the same one specified in step 8.

    c. Save and close the file.

  12. Verify the HTTPS Configuration
    1. Restart FME Flow.
    2. Open a web browser and navigate to https://localhost/. If you configured Tomcat to use a port other than the standard port 443, also specify the port (https://localhost:<port>).
    3. You should see the FME Flow login page in a secured format.
  13. Modify Service URLs to Use HTTPS

    14. To submit jobs on FME Flow via HTTPS, you must enable SSL for the FME Flow Web Services.

    1. In the FME Flow Web User Interface, open the Services page.
    2. Click Change All Hosts and, in the URL Pattern field, change HTTP to HTTPS. (FME Flow may have already set this change.) If required, modify the port number—typically SSL is configured on either port 8443 or 443. When finished, click OK.
    3. Run a sample workspace with the data download and job submitter services to confirm your FME Flow is working with HTTPS.

    Your FME Flow is now configured to work via HTTPS. However, if you are using the WebSocket Server or Integrated Windows Authentication, some additional steps are required.

  14. (Optional) Enable SSL on the WebSocket Server

    15. The FME Flow WebSocket Server supports insecure (ws://) or secure connections (wss://). This configuration is only required if you want to use the WebSocket Server or Topic Monitoring (legacy).

    1. Run a text editor as an administrator and open the fmeWebSocketConfig.txt file in your FME Flow installation directory (<FMEFlowDir>\Server).
    2. Set WEBSOCKET_ENABLE_SSL=true.
    3. Uncomment the WEBSOCKET_KEYSTORE_FILE_PATH directive and set it to reference the keystore file set in server.xml in step 8. For example:

      4. WEBSOCKET_KEYSTORE_FILE_PATH=<FMEFlowDir>/Utilities/tomcat/tomcat.keystore

      Note  Use forward slashes, which may be different from the path in server.xml.
    4. Uncomment the WEBSOCKET_KEYSTORE_FILE_PASSWORD directive and set it to reference the keystore file password set in server.xml in step 8. For example:

      5. WEBSOCKET_KEYSTORE_FILE_PASSWORD=password1

      Note  Do not enclose the password in quotes.
    5. Specify the same settings for the WEBSOCKET_ENABLE_SSL, WEBSOCKET_KEYSTORE_FILE_PATH, and WEBSOCKET_KEYSTORE_FILE_PASSWORD directives in the following files:
      • <FMEFlowDir>\Server\config\subscribers\websocket.properties
      • <FMEFlowDir>\Server\config\publishers\websocket.properties
    6. In the following files, update the protocol in the value property of the PROPERTY directive from "ws:" to "wss:"
      • <FMESharedResourceDir>\localization\publishers\websocket\publisherProperties.xml
      • <FMESharedResourceDir>\localization\subscribers\websocket\subscriberProperties.xml
        • Note  <FMESharedResourceDir> refers to the location of the FME Flow System Share, specified during installation.
    7. Run the following .bat files, located in <FMEFlowDir>\Clients\utilities:
      • addPublishers.bat
      • addSubscribers.bat
    8. Restart FME Flow.
    9. To test that the configuration is complete, run jobs and view Topic Monitoring.
  15. (Optional) Update the SSO Authentication URL to use HTTPS
    16. Note  This step is applicable only if you want to use Integrated Windows Authentication (single sign-on) to access the FME Flow Web Interface.
    1. Run a text editor as an administrator and open the fmeserver propertiesFile.properties, located in <FMEFlowDir>\Utilities\tomcat\webapps\fmeserver\WEB-INF\conf\.
    2. Locate the SINGLE_SIGN_ON_AUTH_URL parameter, and update the host name and port portion of the URL to match the host name through which the FME Flow Web User Interface is accessed.

      3. For example:

      SINGLE_SIGN_ON_AUTH_URL=https://<MyFMEFlowHost>:443/fmetoken/sso/generate

Using a PFX or P12 Certificate

Use these instructions to configure your FME Flow for HTTPS using a .pfx or .p12 certificate obtained from a Certificate Authority (CA). If you do not have a certificate, follow the instructions for Using a CA-issued Certificate (above) instead.

  1. Make a backup of the Tomcat XML configuration files

    2. Go to <FMEFlowDir>\Utilities\tomcat\conf and make backups of server.xml, web.xml, and context.xml.

  2. Configure server.xml
    1. Run a text editor as an administrator and open server.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Locate the SSLEngine setting in the <Listener> element, including className="org.apache.catalina.core.AprLifecycleListener" and change the "on" value to "off".
    3. Locate the <Connector> element that contains protocol="org.apache.coyote.http11.Http11NioProtocol" and replace the entire element with:

      4. Copy 
      <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="443"
      minSpareThreads="5"
      enableLookups="true"
      disableUploadTimeout="true"
      acceptCount="100"
      maxThreads="200"
      maxHttpHeaderSize="16384"
      scheme="https"
      secure="true"
      maxParameterCount="1000"
      SSLEnabled="true"
      keystoreFile="<file>"
      keystorePass="<password>"
      keystoreType="PKCS12"
      clientAuth="false" sslEnabledProtocols="TLSv1.1,TLSv1.2"
      sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
      ciphers="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA"
      URIEncoding="UTF8" />

      <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>

      The keystoreFile should point to your .pfx certificate. We recommend storing this certificate in FME Flow's Tomcat directory: <FMEFlowDir>\Utilities\tomcat\. Make sure the keystorePass is set to the password for your PFX certificate. If the password contains invalid XML characters < > “ ' &, they must be escaped.

      Note  
      • To disable TLS 1.1, remove TLSv1.1, from the sslEnabledProtocols setting.
      • The list of ciphers is not exhaustive. If your certificate was generated with a different algorithm, the applicable cipher must be added. Any algorithms not in use can be safely removed from this list. For a full list of ciphers supported by Tomcat, see the Apache Tomcat 9.0.69 API Documentation.
    4. (Optional) To change the port for HTTPS communication, change 443 to the desired port, for both the port and redirectPort directives.
    5. Save and close the server.xml file.
  3. Configure web.xml
    1. Open web.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Add the following code block to the end of the file, just before the closing </web-app> element:

      3. <security-constraint>

      <web-resource-collection>

      <web-resource-name>HTTPSOnly</web-resource-name>

      <url-pattern>/*</url-pattern>

      </web-resource-collection>

      <user-data-constraint>

      <transport-guarantee>CONFIDENTIAL</transport-guarantee>

      </user-data-constraint>

      </security-constraint>

    3. Save and close the web.xml file.
  4. Configure context.xml
    1. Open context.xml, located in <FMEFlowDir>\Utilities\tomcat\conf.
    2. Add the following to the end of the file, just before the closing </context> element:

      3. <Valve className="org.apache.catalina.authenticator.SSLAuthenticator" disableProxyCaching="false" />

    3. Save and close the context.xml file.
  5. Update the FME Flow Web URL to Use HTTPS

    6. a. Run a text editor as an administrator and open fmeFlowConfig.txt.

    b. Update the FME_SERVER_WEB_URL directive by changing http to https and change the port to the same one specified in step 2.

    c. Save and close the file.

  6. (Optional) Export the certificate from the browser in base 64 format and import it into the cacerts trust store
    7. Note  This step is required only if your certificate was not obtained from a Trusted Certificate Authority. Instructions may differ slightly in a browser other than Chrome.

    a. Restart the FME Flow Application Server service

    b. Open a browser and navigate to https://localhost/. If you configured Tomcat to use a port other than the standard port 443, also specify the port (https://localhost:<port>).

    c. View the certificate from the browser.

    d. Select the Details tab and click Export.

    e. Save as Base-64-encoded ASCII, single certificate (CRT) to local disk (for example, <certpath>\mycert.crt)

    f. Import the keystore into FME Flow's trusted certs

    In a command prompt, as an administrator, change directory to <FMEFlowDir>\Utilities\jre\bin\. Use the following command to import the keystore into FME Flow’s trusted certs:

    keytool -import -trustcacerts -keystore "<FMEFlowDir>\Utilities\jre\lib\security\cacerts" -storepass changeit -noprompt -file <certpath>\mycert.crt

  7. Verify the HTTPS Configuration
    1. Restart FME Flow.
    2. Open a web browser and navigate to https://localhost/. If you configured Tomcat to use a port other than the standard port 443, also specify the port (https://localhost:<port>).
    3. You should see the FME Flow login page in a secured format.
  8. Modify Service URLs to Use HTTPS

    9. To submit jobs on FME Flow via HTTPS, you must enable SSL for the FME Flow Web Services.

    1. In the FME Flow Web User Interface, open the Services page.
    2. Click Change All Hosts and, in the URL Pattern field, change HTTP to HTTPS. (FME Flow may have already set this change.) If required, modify the port number—typically SSL is configured on either port 8443 or 443. When finished, click OK.
    3. Run a sample workspace with the data download and job submitter services to confirm your FME Flow is working with HTTPS.

    Your FME Flow is now configured to work via HTTPS. However, if you are using the WebSocket Server or Integrated Windows Authentication, some additional steps are required.

  9. (Optional) Enable SSL on the WebSocket Server

    10. The FME Flow WebSocket Server supports insecure (ws://) or secure connections (wss://). This configuration is only required if you want to use the WebSocket Server or Topic Monitoring (legacy).

    1. Run a text editor as an administrator and open the fmeWebSocketConfig.txt file in your FME Flow installation directory (<FMEFlowDir>\Server).
    2. Set WEBSOCKET_ENABLE_SSL=true.
    3. Uncomment the WEBSOCKET_KEYSTORE_FILE_PATH directive and set it to reference the keystore file set in server.xml in step 2. For example:

      4. WEBSOCKET_KEYSTORE_FILE_PATH=<FMEFlowDir>/Utilities/tomcat/mycert.pfx

      Note  Use forward slashes, which may be different from the path in server.xml.
    4. Uncomment the WEBSOCKET_KEYSTORE_FILE_PASSWORD directive and set it to reference the keystore file password set in server.xml in step 2. For example:

      5. WEBSOCKET_KEYSTORE_FILE_PASSWORD=password1

      Note  Do not enclose the password in quotes.
    5. Specify the same settings for the WEBSOCKET_ENABLE_SSL, WEBSOCKET_KEYSTORE_FILE_PATH, and WEBSOCKET_KEYSTORE_FILE_PASSWORD directives in the following files:
      • <FMEFlowDir>\Server\config\subscribers\websocket.properties
      • <FMEFlowDir>\Server\config\publishers\websocket.properties
    6. In the following files, update the protocol in the value property of the PROPERTY directive from "ws:" to "wss:"
      • <FMESharedResourceDir>\localization\publishers\websocket\publisherProperties.xml
      • <FMESharedResourceDir>\localization\subscribers\websocket\subscriberProperties.xml
        • Note  <FMESharedResourceDir> refers to the location of the FME Flow System Share, specified during installation.
    7. Run the following .bat files, located in <FMEFlowDir>\Clients\utilities:
      • addPublishers.bat
      • addSubscribers.bat
    8. Restart FME Flow.
    9. To test that the configuration is complete, run jobs and view Topic Monitoring.
  10. (Optional) Update the SSO Authentication URL to use HTTPS
    11. Note  This step is applicable only if you want to use Integrated Windows Authentication (single sign-on) to access the FME Flow Web Interface.
    1. Run a text editor as an administrator and open the fmeserver propertiesFile.properties, located in <FMEFlowDir>\Utilities\tomcat\webapps\fmeserver\WEB-INF\conf\.
    2. Locate the SINGLE_SIGN_ON_AUTH_URL parameter, and update the host name and port portion of the URL to match the host name through which the FME Flow Web User Interface is accessed.

      3. For example:

      SINGLE_SIGN_ON_AUTH_URL=https://<MyFMEFlowHost>:443/fmetoken/sso/generate

FME Flow on Linux includes an NGINX reverse proxy that allows easy SSL configuration and the ability to choose ports under 1024 without root permission. HTTPS is configured on the NGINX reverse proxy rather than the Apache Tomcat web application server.

  1. Create a directory for the certificate:

    2. sudo mkdir /etc/nginx/ssl

  2. Place a certificate and key in the new directory.
    • If you are using a certificate issued by a certificate authority (CA), you will need the certificate or certificate bundle (.crt) and certificate key (.key).

    • If you are using a .pfx or .p12 certificate, you must convert it into .crt and .key format. For more information, see Configuring FME Flow for HTTPS in the FME Community.

    • Alternatively, you can generate a self-signed SSL certificate and keystore with the following command:

      • sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/<KeyName>.key -out /etc/nginx/ssl/<CertName>.crt

      Replace <KeyName> and <CertName> with the key and certificate filenames, respectively, For example, nginx.key and nginx.crt.

  3. Enable Diffie-Hellman key exchange:

    4. sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

    sudo chmod 400 /etc/nginx/ssl/dhparam.pem

  4. Open file /etc/nginx/conf.d/fmeflow.conf.
  5. Uncomment the server block that contains instructions to listen on port 80 and redirect to port 443. This block should appear similar to the following:

    6. # Redirect from 80 to 443 when SSL is enabled

    server {

    listen 80;

    server_name <<hostname>>;

     

    location / {

    return 301 https://$host$request_uri;

    }

    }

  6. In the main server block, comment the line with instructions to listen on port 80, and uncomment the lines that instruct to listen on port 443 with SSL and include the SSL configuration. When complete, these lines should appear as follows:

    7. #listen 80;

    listen 443 ssl;

    include /etc/nginx/fmeflow/ssl.conf;

  7. In the websocket server block, comment and uncomment the applicable lines to ensure that listening occurs on port 7078 with SSL. When complete, these lines should appear as follows:

    8. #listen 7078;

    listen 7078 ssl;

    include /etc/nginx/fmeflow/ssl.conf;

  8. Save and close the file.
  9. Open file /etc/nginx/fmeflow/ssl.conf and make sure the SSL certificate and key are pointed to the correct name and directory of your certificate, as defined in steps 1 and 2.
  10. Reload the NGINX configuration:

    11. service nginx reload

  11. Open file server.xml as administrator. This file is located in <FMEFlowDir>\Utilities\tomcat\conf.
  12. Update the proxyPort directive to 443:

    13. proxyPort="443"

  13. Update the scheme directive to https:

    14. scheme="https"

  14. Save and close the file.
  15. Open the following configuration file: /opt/fmeflow/Utilities/tomcat/webapps/fmeserver/WEB-INF/conf/propertiesFile.properties
  16. Update the WEB_SOCKET_SERVER_PORT directive to 443:

    17. WEB_SOCKET_SERVER_PORT=443

  17. Save and close the file.

  18. Update the FME Flow Web URL to use HTTPS:

    1. Run a text editor as an administrator and open fmeFlowConfig.txt.

    2. At the end of the file, under FME SERVER SETTINGS START > Port and Host Assignments, update the FME_SERVER_WEB_URL directive from http to https, and change the port to the same one specified in step 2.

    3. Save and close the file.

  19. Restart FME Flow.

See Also