Importing a CA Certificate for SSL Connections

To authenticate SSL connections using a CA certificate, import the certificate and instruct FME Server to add it to the list of trusted certificates.

  1. Make a backup of the current list of trusted Certificate Authorities:
  2. <FMEServerDir>/Utilities/jre/lib/security/cacerts

  3. Obtain your RootCA certificate as a .cer file:
  4. http://<domain-controller>/certsrv/certcarc.asp > 'install this CA certificate'

    Or, contact your domain administrator

  5. Add the certificate to the list of trusted ones:
    • Linux:
    • Open the command terminal and issue the following commands:

      cd <FMEServerDir>/Utilities/jre

      ./bin/keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore ./lib/security/cacerts

    • Windows:
    • Launch cmd.exe and issue the following commands:

      cd <FMEServerDir>\Utilities\jre

      bin\keytool -import -trustcacerts -alias <rootca-alias> -file <cer-file> -keystore

      lib\security\cacerts

      When prompted for keystore password, default is changeit.

      When prompted to trust certificate, answer yes.

    Where:

    • <rootca-alias> is the custom alias for the certificate.
    • <cer-file> is the path to the .cer file downloaded in step 2.
  6. Restart FME Server.