mac | pc Latest FM 13 security update

[Rick Whitelaw]

I'm missing something here.i received an email from FMI about the latest update and followed the links etc. I run FMS with SSL turned on. The default certificate is used I assume. Now it seems the cert is only good for testing. Has this always been the case? Ami to assume that I must now purchase a third party certificate to use SSL effectively?

[Wim Decorte]

Yes, you should purchase a certificate for your client deployments. For your own dev/test rig: that's up to you and your evaluation whether the data there is vulnerable/important.

 

With a custom certificate you have more control over the fact that the clients can verify that they are in fact talking to the right FMS.

[Josh Ormond]

"the only secure way to connect" I believe is the line they used.

[Rick Whitelaw]

Thanks Wim.

I'm the only client. I don't suppose that makes a big difference since transmission of data is transmission of data no matter how one slices it. If there's anything further please reply.

[mr_mike]

Can a self signed certificate be used?  We have the ability to generate these for all our servers.

 

Thank you

 

[Josh Ormond]

FileMaker has a built in list of CA and Certificates it can use...if I understand it correctly.

[Claus Lavendt]

To anyone interested, Richard and I shot a video today, that he will publish at the end of the week.
I wrote a very simple guide and tool, which you can find on this link:

http://www.datamanix.com/news/files/fms-certificate-guide-tool.html

[Wim Decorte]

Good stuff Claus.  What do you do with with the "intermediate certificate" that you get from the CA?

[Claus Lavendt]

Thank you.

Well, I don't do anything with the "intermediate certificate" as you do not always get such from the CA.

But if you go with FM supported certificates it seems that FMS has the intermediate certificates for them.

I have only tested SSL 123 from Thawte, though.

 

Please feel free to contribute as much as you want. DevCon un-conference could maybe be  a venue for a workshop/talk about this area ?

[Ocean West]

I used the tool @Claus Lavendt and everything worked fine but i am getting an error that i hand't seen - 

This certificate does not match the key file [Error: -1 (Internal error)]

not sure the proper remedy.

 

 

[Saubs]

I know that FM Pro 13.0v9 can't open a database hosted on FM Server 13.0v5.  But is the inverse true as well?  That is, can FM Pro 13.0v5 open a database that's hosted on FMS 13.0v9?

Many thanks--

[Claus Lavendt]

The first is only true if SSL is enabled on FMS and using the default FMI certificate.

FMP(A) 13.0v5 CAN open files on FMS 13.0v9

Bear in mind that there is only an issue, if SSL is enabled on the server and you are using default FMI certificate.

If you want to enable SSL on the server, you should install a custom certificate.

Richard Carlton and I did a video on how to do that. 

[Claus Lavendt]

Stephen, it sounds like you have run the command again, after sending off the Certificate Request file to the vendor, where you want to puchase your certificate.

This could result in the keyfile being generated again, which will then not match your signed certificate.

Create a new CSR file with the first command. -> ask your SSL vendor to re-issue your certificate, using the new CSR file -> when recieving the signed certificate, use that to install with the second command. Make sure to read both the guide and the notes in the tool as it makes some assumptions to both naming and place for the signed certificate file.

If you are new to SSL, the video Richard and I did, provides some basic explanations to what it is.

[Steven H. Blackwell]

Latest Update http://thefmkb.com/14358.  Version 12 now included.  Please read the instructions carefully.

 

Steven

[Ocean West]

@Claus Lavendt et al - I discovered what the issue was. The Certificate came back from the CA via email - which was received on a 'web based' email client and the copy operation included random invisible characters. Pasting as plain text into a text editor did strip out these characters and was able to properly install the certificate.

[James Gill]

Latest Update http://thefmkb.com/14358.  Version 12 now included.  Please read the instructions carefully.

 

Steven

Your Link is busted, should be http://thefmkb.com/14358