SSL for FMServer setup guidelines?

[Jay]

I've done a search in this forum for "SSL" and it returns no result. So I'll start this thread:

Has anyone posted a step by step guideline on how to implement SSL for FileMaker Server? If not, it would be very helpful, at least for me.

I am familiar with generating the request from the FileMaker Server Admin Console. I am familiar with submitting the generated pem key to the GoDaddy service, who then generates a certificate for a price. I am familiar with placing said certificate in the correct folder on the server. However, that's where I leave off. There's some final steps missing, I don't know what they are. But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com) , to the actual server we are using (it only has a static IP address), somehow. No idea what those steps would be. Any insight would be appreciated. 

 

Thank you

 

[Wim Decorte]

1 hour ago, Jay said:

I am familiar with placing said certificate in the correct folder on the server.

That's where your process fails.  You don't place the certificate into the 'correct' folder.  You use the FMS admin console or the fmsadmin command line to import the certificate.  That process takes are of putting the cert where it belongs.

 

See instructions here:

http://help.filemaker.com/app/answers/detail/a_id/14174

 

1 hour ago, Jay said:

But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com) , to the actual server we are using (it only has a static IP address), somehow.

This sounds like you haven't configured the DNS properly.  That's not strictly speaking part of the SSL config process which is why you won't find any instructions on it by searching for SSL help.  There is also not a simple answer for this because it depends on your DNS management.  If you have no idea how that works then your best bet is to find someone locally with DNS experience.

[Jay]

Sorry, incorrect phrasing for brevity. This has been done.  It's been generated and imported. That part is long complete.

My question remains: How to we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

Thank you

[Wim Decorte]

1 hour ago, Jay said:

My question remains: How to we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

 

In DNS management.

You keep mentioning "www." Your cert will be for "something.com" I'm assuming without the 'www', is that correct?  Is it a wildcard cert?

Do you want people to have a valid encrypted connection to the website www.something.com?  Or are we talking about FMP connections inside the network to an FMS on a machine named someserver.something.com?

 

[Jay]

Excellent questions, Wim. It is in fact something.com without the www.  I am not sure if it's a wildcard cert, but the domain will not be hosting any web sites or other services, nor will it have other TLD's.  Just plain something.com dedicated to FileMaker. The goal is for filemaker client access from across the internet, through SSL to our FileMaker Server. I am assuming that we will (eventually) enter something.com under Open Remote instead of the IP address. 

When hitting the server via the IP address, it connects, but of course gives us a warning about a certificate mismatch - I am assuming that's because we are using the server's IP instead of something.com.

I believe the only thing we would need to do is mess with the DNS at the registrar, tell them that something.com needs to resolve to a specific IP address and then that's it, it should work at that point?