FMServer 14 with OS X Server and Custom WebDirect SSL certificate

[xochi]

I'm happy to report that FileMaker Server 14 seems to work just fine with OS X 10.10.3 / Server.app 4.1, and the experience overall is better than with 10.9 and FMS13.

Here are my tips & hints:

• During installation, you will be asked which Ports to use for HTTP and HTTPS.   Since OS X server already uses 80 and 443 by default, you should pick different ones.  You can see a list of which ones to avoid here:  https://support.apple.com/en-us/HT202944   (Note: usually ports below 1024 require root permissions.  I chose two in the 8000s and it worked fine)
• During Deployment, on the step where it tries to Test the Webserver, it fails.   I think this is just a bug in the Deployment Assistant - it has happened to me twice now. The solution is easy :     Cancel out of Deployment and Reboot the Mac.  After rebooting, resume the deployment by navigating to http://localhost:16001/admin-console  and the second time the web server test works fine.
• Using a different SSL certificate for WebDirect is quite easy:   Do NOT configure the certificate inside the Admin console.   Instead, you can make these changes:

Copy your Certificate and Private Key to the folder /Library/FileMaker Server/HTTPServer/conf/

Edit the file /Library/FileMaker Server/HTTPServer/conf/extra/httpd-ssl.conf with these changes:

        #SSLCertificateFile "${HTTP_ROOT}/conf/server.pem"   <<-- this is the existing line.  Put a "#" at the beginning of the line to comment it out
        SSLCertificateFile "${HTTP_ROOT}/conf/my-ssl-certificate.pem"  # this is the new line you add which points to your certificate

and

        #SSLCertificateKeyFile "${HTTP_ROOT}/conf/server.key"  <<-- this is the existing line.  Put a "#" at the beginning of the line to comment it ou
        SSLCertificateKeyFile "${HTTP_ROOT}/conf/my-ssl-certificate-private.key"   # this is the new line you add which points to your certificate

Restart the web server by executing the following command in Terminal:

     sudo /Library/FileMaker\ Server/HTTPServer/bin/httpdctl graceful

 

 

 

[Simon Brown]

@xochi,

A question about this:

Did you create the CSR in Server.app? Otherwise, it seems like you'd have a problem with Apache being unable to provide the needed pass phrase w/o some additional changes.

[xochi]

I'm using an unencrypted private key, and also using an intermediate keychain.  So in total, my config looks like this with three items:

    SSLCertificateFile         /Users/user/Data/example.com/data.example.com.crt
    SSLCertificateKeyFile    /Users/user/Data/example.com/data.example.com.nopass.key
    SSLCertificateChainFile /Users/user/Data/example.com/data.example.intermediate-ca.crt