gozoinks

Here, we've had to use a PDF-generating "robot" that exports a PDF of a record and re-imports the PDF into a container field. The user can then download and print the PDF. It is terribly inelegant. But the underlying Vaadin framework of the WebDirect platform is designed in such a way that printing from the browser is awkward, and FileMaker Server doesn't have any way of generating PDFs the way FileMaker Pro does, so the robot technique about as good as it gets until we put together a Custom Web Publishing application for this.

You seem to have it. When this option is on, encrypted connections are required; when it is off, encryption is permitted but optional. Encryption is always available if you opt to use it, regardless of this setting. This is why both HTTP and HTTPS work for WebDirect, even with this option turned off. With this setting enabled, FileMaker Server will not accept unencrypted connections. FileMaker clients (Pro, Go) can detect this and will switch to encrypted connections automatically. Your web server does not detect this, however, and it will not make the same switch. This is why turning this option on doesn't prevent your web server from listening on HTTP, but only HTTPS connections succeed. You may want to configure your web server to redirect requests from HTTP to HTTPS, in order to eliminate any confusion for your users. There are lots of ways to do this. The simplest might be with an .htaccess file in your web root, if you're using Apache on Mac OS X. You can do it with IIS on Windows, also. Now, while I'm on the subject… If you're making your WebDirect application available to the public Internet, you might consider implementing a reverse proxy server. A reverse proxy accepts connections from users on the Internet and forwards the requests to a server safely protected behind a firewall, so that people aren't connecting directly to your back-end database server. You can then require SSL for connections from the clients to the proxy, and you can use unencrypted connections from the proxy to the FileMaker server (where you can leave "Require…" turned off). This reduces the load on your FileMaker server by offloading encryption overhead to the proxy, which improves overall performance. If you were to go this route, you'd set up the HTTP->HTTPS redirect on the proxy server. Popular reverse proxies include HAProxy, Squid, and nginx. Cisco firewalls often have a facility for this as well. For posterity, here's a link to the FileMaker Server 13 security guide: http://help.filemaker.com/ci/fattach/get/104213/0/filename/security_guide_en_13_final.pdf