We have reset all users FileMaker related profile fields. Please take the opportunity to update your information,  this will provide background to members whom read your posts. Click here.

Jump to content
MacFileman

SSL Renewal Problems

Recommended Posts

MacFileman    0

Hi... I have been using Filemaker Cloud for three months and like others, my certificate expired. This has become my worst nightmare.

I took my problem up directly with Filemaker Support and they put their best people on my case. They even remote logged into my computer to make sure that I was doing everything exact..which I did. This is what they instructed me to do....

1) Buy A domain Name (I had one already)

2) We created a CSR/KEY File on my mac using terminal. Pretty Straight Forward, but they had me list my domain name as the "Common Name"

3) From my iCloud Dashboard I renewed my Certificate (Commodo) with the CSR we Created. I inserted my CSR and Paid for it. I received my actual certificate pretty rapidly...a few minutes.

4) Logged back into my console and "imported" my new certificate. Things were feeling good.... server rebooted.

5) They had me log into my registrar (Network Solutions) and then point my domain using CNAME at the new server location. We actually called Network Solutions and had them do it exactly.

Now I am just waiting for it to point... been a few days. Something feels way off. How is it possible that I am securing my domain when my files aren't there? If I hit the filemaker cloud server directly, it says this is unsecure. I feel like the forwarding is not working because I am forwarding into an unsecure website.

Note: this is all under the direct guidance of filemaker support!

I read a few other posts around the internet and here. Anyone else having the struggles I am having? I am losing my cool with Filemaker. Due to the seriousness of the nature, I make drop Amazon Web Services and buy a server and just do it myself, I am at a critical level, these needs to be done now!

Thanks for letting me vent... feedback welcome!

 

Mike

 

 

 

 

 

 

 

 

Edited by MacFileman
Type Adjustment

Share this post


Link to post
Share on other sites
MacFileman    0

Hey... you might be on to something. Specifically, these are screen shots of what FM Support had me do. Should I be using a sub domain? I am not using any subdomains.

 

 

 

Screen Shot 2017-03-02 at 8.36.12 AM.png

Screen Shot 2017-03-02 at 8.36.28 AM.png

Edited by MacFileman
Added copy

Share this post


Link to post
Share on other sites

I don't really understand those (proprietary) DNS configuration screens - we just configure BIND directly here.

You can use any (sub)domain you want for your certificate, as long as it has an associated A and not CNAME record.

- John

Share this post


Link to post
Share on other sites
MacFileman    0

I am not this savvy with web stuff... I am going to run this by FM Support today and I will let you know how this works out.

And thanks for input!

Share this post


Link to post
Share on other sites

This is the problem with FileMaker Cloud - there just isn't any competent support behind it.

Have a look at our services for an alternative:

http://www.pointinspace.com/

We've been providing professional FileMaker Hosting for over 18 years.  We offer shared accounts and virtual dedicated servers running the full version of FileMaker Server (no limitations like FileMaker Cloud), and include complete management with all of our accouts.  For example, we would easily be able to assist with the SSL renewal issues you are having.

- John

Share this post


Link to post
Share on other sites
Josh Ormond    89
2 hours ago, MacFileman said:

I am not this savvy with web stuff... I am going to run this by FM Support today and I will let you know how this works out.

And thanks for input!

This may or may not apply to you: One really important note: Comodo SSL Certs require additional information, that other cert authorities do not require in the CSR. Nothing in the FMI documentation told me you needed additional info. And with GoDaddy and other provides, not all of this was needed.

They require a few pieces of info that I don't remember running into with other companies. I could never get them to work without all of this info ( from the Comodo website ):

Host Name: Enter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN).
  For example, www.yourdomain.com or yourdomain.com
   
Contact Email Address: Enter an email address at which you can be contacted.
   
Company or Organization: Enter the legally registered name of your organization or company.
   
Department: Enter the name of your department within the organization. For example, you can enter IT or Web Security.
   
Town or City: Enter the town or city where your organization or company is located.
   
State or Province: Enter the state or providence where your organization or company is located.
   
Country: In the drop-down list, select the country where your organization or company is located.

Share this post


Link to post
Share on other sites
MacFileman    0
49 minutes ago, Josh Ormond said:

This may or may not apply to you: One really important note: Comodo SSL Certs require additional information, that other cert authorities do not require in the CSR. Nothing in the FMI documentation told me you needed additional info. And with GoDaddy and other provides, not all of this was needed.

They require a few pieces of info that I don't remember running into with other companies. I could never get them to work without all of this info ( from the Comodo website ):

Host Name: Enter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN).
  For example, www.yourdomain.com or yourdomain.com
   
Contact Email Address: Enter an email address at which you can be contacted.
   
Company or Organization: Enter the legally registered name of your organization or company.
   
Department: Enter the name of your department within the organization. For example, you can enter IT or Web Security.
   
Town or City: Enter the town or city where your organization or company is located.
   
State or Province: Enter the state or providence where your organization or company is located.
   
Country: In the drop-down list, select the country where your organization or company is located.

Interesting... I think part of this though depends on how you generate your CSR and KEY file. I did mine through TERMINAL on my Mac. File maker support had me generate it by entering the following text in Terminal...

openssl req -out csr.csr -new -sha256 -newkey rsa:2048 -nodes -keyout key.key

Upon entering this code, Terminal generates a series of Questions, like the ones above you posted. When I was finished, Terminal then generated a .key and .csr file which is used at the Comodo to purchase your SSL Certificate.

 

At this time, Filemaker is spinning this back to issues at network solutions, which may be the case. It may not be... told to wait another day by Network Solutions, by the are escalating my issue.

This all said, I intend to to keep this thread updated and probably create a brand new thread with "How to do this as per Filemaker"

- I am aware Claus had a great solution, which I thoroughly inspected. Half of me wishes I went down that path,, securing the actual FMI server makes most sense since that is where the files reside, but I need Filemaker Support behind the product, his method was unsupported.

- I am also entertaining Point in Space... probably eliminate every headache imaginable.

- I am also entertaining just making my own server internally. Kind of a Headache, but I own FM Server 15

One thing is extremely clear. Filemaker Cloud is not as simple or friendly. It is very new and they appear to be "winging it" as they go. Amazon Web Server is just a pain in the rear. I got that part up fairly easily, but would be difficult for most users.

 

 

 

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites
MacFileman    0
15 minutes ago, John May - Point In Space said:

Note that our pricing is competitive with AWS as well, once you factor in their hidden backup and processor time charges.

- John

Still tempting... need a few days before I make a drastic move like that, but thanks!

Share this post


Link to post
Share on other sites
Josh Ormond    89

If that is the code you used to generate the CSR, that is likely at least partially why it's not working. I fought with this with a Comodo cert for while.

This is Comodo's sample code from their website. As you can see, it has the additional info:

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"

 

Share this post


Link to post
Share on other sites
MacFileman    0
1 hour ago, Josh Ormond said:

If that is the code you used to generate the CSR, that is likely at least partially why it's not working. I fought with this with a Comodo cert for while.

This is Comodo's sample code from their website. As you can see, it has the additional info:


openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"

 

The code I posted earlier did work. I was able to get the certificate and install into my Filemaker Cloud and it rebooted, etc. There was a minor glitch, the password I put into Terminal for the CSR and Key was not the password when I installed it. (We might be talking about different issues) It turns out, there was no password at all and that field was left blank for it to work.

My actual problem is getting my website that is now secured to point to my FMI server...I am possible having a problem now with my Registrar and the CNAME Panel pointing it correctly, If I make a change in a setting it is like a 24-48 wait time... very frustrating. FIlemaker says it my Registrar.

Right now I am in Limbo and my registrar, Network Solutions, is also looking into the matter. I am trying t be patient, but the whole process does not feel right. I am securing a website where my files are not located, but Filemaker assures me this is the process.

 

 

Share this post


Link to post
Share on other sites
MacFileman    0

Current update......

So, the first simple domain I bought with Network Solutions will not point to the FM Cloud Server. After all my back and fourth with FM Support... I bought a new domain from a registrar of their choice, iPage. I gave them the credentials to point it themselves. They logged in and made the settings. New domain is not pointing to my server...I have to laugh at this point. It might by morning, I will give them the benefit of the doubt.

I discussed this with my IT guru who happens to be away for two weeks magically while my SSL Cloud Certificate expired. Coincidence? Anyway, he feels its rather ridiculous to buy a website to "point" to the cloud server, and secure the site that the files are not even on. This is extremely convoluted he says.

For the nonbelievers, I am working directly with FM Support to re-secure my FM Cloud Files. I have spent 10+ hours this week on the phone with them. I thought I would also share their published recomandation.

http://help.filemaker.com/app/answers/detail/a_id/16125/track/AvMawQoYDv8S~ZOfGmQc~yJfbe8qNy75Mv_g~zj~PP9p

I have followed these steps forward and backwards.... something is up! I love Filemaker, we all do here... but the cloud is not thought out on their part. Filemaker is a huge company, why don't they just put in their own servers, secure it all and cut this third party non-sense out with Amazon and Comodo?

Updates coming tomorrow!

 

Mike

 

 

 

 

 

 

 

 

 

 

Edited by MacFileman
Typo

Share this post


Link to post
Share on other sites
MacFileman    0

Last update....setting up a Filemaker Server is way easier then dealing with Filemaker Cloud! I am pleased to report that I just canceled my AWS Account. I had a server up and running in under 10 minutes. 

My advice... do not do Filemaker Cloud until they get their act together.

 

Sorry, John May at Point in Space... I had the computer and I own Filemaker Server... just easier and no monthly Fees.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×