
How to Use Let's Encrypt to get free SSL certificates for FileMaker Server

Smef    14

Hello Everyone,

 

I've written a PowerShell script to allow you to get a free SSL certificate from Let's Encrypt to use with FileMaker Server. You can schedule this to run every few months and renew your certificate automatically. Now there's no reason to keep using that default certificate. Check out the post for instructions!

 

How to Use Let’s Encrypt SSL Certificates with FileMaker Server | Blue Feather - FileMaker Developer, Android, Web 


EDIT: One compatibility note for everyone - While it looks like it's all compatible with FileMaker Pro 13-15, only FileMaker Go 15 is compatible. FileMaker Go 14 is unable to connect with these certificates installed. I'd recommend using FM Go 15 anyway, but it's something to be aware of if you're still using FM Go 14.

Edited by Smef
Added note about FM Go 14 compatibility.
Wim Decorte    446

You make it clear in your article but I want to repeat it here: those certificates are NOT supported by FMI so I would not deploy this to production...

Smef    14

The warning FMI gives about using non-supported SSL certificates is that FileMaker Pro and Go clients won't be able to verify the SSL certificate. I believe we've solved this issue with this solution, and FileMaker clients as early as 13 are able to successfully verify the SSL certificate. There could be other issues lurking somewhere, but we've got this deployed in a number of live servers with no issues so far. It's definitely a good idea to do some testing after deploying this, all the same.

If anyone does encounter any issues, please post them here, on the article's comment section, or send a private message or email to me.

Smef    14

It's definitely doable in a similar fashion, I just haven't gotten to doing it yet. I may have a Mac server available soon I can do testing on, and will definitely post when I get a script available for Mac.

dansmith65    83

Great job @Smef! I've been wanting to use Let's Encrypt, but didn't think it was compatible with FileMaker.

When I schedule tasks on a FileMaker Server, I prefer to schedule them from within FileMaker Server itself. Since FMS can't run powershell scripts directly, I send this bash script the name of a powershell script to run and any parameters to send to the powershell script, if needed:

:: file name: run_powershell_script.cmd
:: Created by: Daniel Smith http://scr.im/fmconsulting

:: change current directory to script location
@PUSHD %~dp0

:: this is the old method that I disabled because of a bug in powershell.exe
:: powershell.exe -file %*

:: calling powershell.exe with -file option causes exceptions to NOT return an error code to this script
:: I implemented a work-around linked to from here: http://stackoverflow.com/a/15779295
:: I am replacing " with ' because, when using the -command option, " does not group data into a single value
:: FMS reads an errorlevel of 1 as "aborted by user" and only sets the log level to information,
:: I am trapping for uncaught errors and returning 100 so the log level is set as error in FMS
:: Since the actual error returned by the powershell script is lost, I'm sending it to a file.

SET params=%*
SET params=%params:"='%
PowerShell.exe -ExecutionPolicy unrestricted -command "& {trap{Out-File -FilePath "..\Documents\run_powershell_script_errors.log" -Append -InputObject $_ ; exit 100} .\%params%}"

@POPD

EXIT /B %ERRORLEVEL%

 

Smef    14

Will this Run as Administrator? I don't think FileMaker Server normally has permission to edit the CStore folder, which is why "Run as Administrator" is required.

dansmith65    83

Probably not; I hadn't thought of that. I usually don't run scheduled scripts as Administrator, so that hasn't come up.

In that case, I would use a script to create the scheduled task. Here's an example: (the options would need to be changed to get it to run as Administrator)

# https://technet.microsoft.com/en-us/library/jj649816(v=wps.630).aspx

$Action = New-ScheduledTaskAction `
	-Execute powershell.exe `
	-Argument "-ExecutionPolicy Bypass -File C:\GetSSL.ps1"

# -Daily selects the trigger type that -DaysInterval belongs to
$Trigger = New-ScheduledTaskTrigger `
	-Daily `
	-DaysInterval 85 `
	-At 1:00am

$Settings = New-ScheduledTaskSettingsSet `
	-AllowStartIfOnBatteries `
	-DontStopIfGoingOnBatteries `
	-ExecutionTimeLimit 00:05 `
	-StartWhenAvailable

$Principal = New-ScheduledTaskPrincipal `
	-UserId $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) `
	-LogonType S4U

$Task = New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal `
	-Description "TODO:explain what the task is for"


Register-ScheduledTask -TaskName "TODO:task-name" -TaskPath "TODO:optional-folder-name" -InputObject $Task -Force

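A post-renewal check that fits the scheduling approach discussed in this thread, added here as an example; it is not part of any post above or of the linked script. The function name, the placeholder host name fms.example.com, port 443 and the 20-day threshold are assumptions; run it after the renewal job so a failed renewal or a certificate that clients cannot verify is reported as an error.

```powershell
# Added example: check the certificate a server presents after a scheduled renewal.
# Test-ServerCertificate, 'fms.example.com' and the 20-day threshold are hypothetical.
function Test-ServerCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # name the clients connect to
        [int] $Port = 443,
        [int] $MinDaysLeft = 20
    )
    $state = @{}
    # Record the certificate and the policy errors instead of aborting the
    # handshake, so an expired or mismatched certificate can still be reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($origin, $cert, $chain, $policyErrors)
        $state.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $state.Errors = $policyErrors
        $true
    }
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # the name is checked against the certificate
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    $daysLeft = [math]::Floor(($state.Cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject      = $state.Cert.Subject
        Issuer       = $state.Cert.Issuer
        NotAfter     = $state.Cert.NotAfter
        DaysLeft     = $daysLeft
        PolicyErrors = $state.Errors   # None, or name mismatch / chain errors
        Healthy      = ($state.Errors -eq [System.Net.Security.SslPolicyErrors]::None) -and
                       ($daysLeft -ge $MinDaysLeft)
    }
}

$result = Test-ServerCertificate -HostName 'fms.example.com'   # placeholder host name
$result | Format-List
if (-not $result.Healthy) {
    # An uncaught error is what the trap in run_powershell_script.cmd logs
    # and turns into exit code 100.
    throw "Certificate check failed: $($result.PolicyErrors), $($result.DaysLeft) days left"
}
```
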
Dean Suhr    0

Ping ... Has anyone implemented Let's encrypt on a Mac running FileMaker Server?

Smef    14

I've got this on my list of things to do as well. It should be a pretty similar process.

