How to Use Let's Encrypt to get free SSL certificates for FileMaker Server

Smef    15

Hello Everyone,


I've written a PowerShell script to allow you to get a free SSL certificate from Let's Encrypt to use with FileMaker Server. You can schedule this to run every few months and renew your certificate automatically. Now there's no reason to keep using that default certificate. Check out the post for instructions!


How to Use Let’s Encrypt SSL Certificates with FileMaker Server | Blue Feather - FileMaker Developer, Android, Web 

EDIT: One compatibility note for everyone - While it looks like it's all compatible with FileMaker Pro 13-15, only FileMaker Go 15 is compatible. FileMaker Go 14 is unable to connect with these certificates installed. I'd recommend using FM Go 15 anyway, but it's something to be aware of if you're still using FM Go 14.

Edited by Smef
Added note about FM Go 14 compatibility.
Wim Decorte    456

You make it clear in your article but I want to repeat it here: those certificates are NOT supported by FMI so I would not deploy this to production...

Smef    15

The warning FMI gives about using non-supported SSL certificates is that FileMaker Pro and Go clients won't be able to verify the SSL certificate. I believe we've solved this issue with this solution, and FileMaker clients as early as 13 are able to successfully verify the SSL certificate. There could be other issues lurking somewhere, but we've got this deployed in a number of live servers with no issues so far. It's definitely a good idea to do some testing after deploying this, all the same.

If anyone does encounter any issues, please post them here, on the article's comment section, or send a private message or email to me.

Edited by Smef

Smef    15

It's definitely doable in a similar fashion, I just haven't gotten to doing it yet. I may have a Mac server available soon I can do testing on, and will definitely post when I get a script available for Mac.

dansmith65    83

Great job @Smef! I've been wanting to use Let's Encrypt, but didn't think it was compatible with FileMaker.

When I schedule tasks on a FileMaker Server, I prefer to schedule them from within FileMaker Server itself. Since FMS can't run powershell scripts directly, I send this bash script the name of a powershell script to run and any parameters to send to the powershell script, if needed:

:: file name: run_powershell_script.cmd
:: Created by: Daniel Smith http://scr.im/fmconsulting

:: change current directory to script location
@PUSHD %~dp0

:: this is the old method that I disabled because of a bug in powershell.exe
:: powershell.exe -file %*

:: calling powershell.exe with -file option causes exceptions to NOT return an error code to this script
:: I implemented a work-around linked to from here: http://stackoverflow.com/a/15779295
:: I am replacing " with ' because, when using the -command option, " does not group data into a single value
:: FMS reads an errorlevel of 1 as "aborted by user" and only sets the log level to information,
:: I am trapping for uncaught errors and returning 100 so the log level is set as error in FMS
:: Since the actual error returned by the powershell script is lost, I'm sending it to a file.

SET params=%*
SET params=%params:"='%
PowerShell.exe -ExecutionPolicy unrestricted -command "& {trap{Out-File -FilePath "..\Documents\run_powershell_script_errors.log" -Append -InputObject $_ ; exit 100} .\%params%}"




Smef    15

Will this Run as Administrator? I don't think FileMaker Server normally has permission to edit the CStore folder, which is why "Run as Administrator" is required.

dansmith65    83

Probably not; I hadn't thought of that. I usually don't run scheduled scripts as Administrator, so that hasn't come up.

In that case, I would use a script to create the scheduled task. Here's an example: (the options would need to be changed to get it to run as Administrator)

# https://technet.microsoft.com/en-us/library/jj649816(v=wps.630).aspx

$Action = New-ScheduledTaskAction `
	-Execute powershell.exe `
	-Argument "-ExecutionPolicy Bypass -File C:\GetSSL.ps1"

$Trigger = New-ScheduledTaskTrigger `
	-DaysInterval 85 `
	-At 1:00am

$Settings = New-ScheduledTaskSettingsSet `
	-AllowStartIfOnBatteries `
	-DontStopIfGoingOnBatteries `
	-ExecutionTimeLimit 00:05

$Principal = New-ScheduledTaskPrincipal `
	-UserId $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) `
	-LogonType S4U

$Task = New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal `
	-Description "TODO:explain what the task is for"

Register-ScheduledTask -TaskName "TODO:task-name" -TaskPath "TODO:optional-folder-name" -InputObject $Task -Force
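
One way to make the change mentioned above so the task runs elevated, as an added example that is not part of the original posts. The task name is a hypothetical placeholder, the script path is the one used above, and the pre-check on the script's ACL is an assumption about what you want enforced before a script is allowed to run with an elevated token.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): register the renewal task elevated,
# but only if the script it runs cannot be modified by unprivileged accounts.

$ScriptPath = 'C:\GetSSL.ps1'              # path used in the post above
$TaskName   = 'TODO-task-name'             # hypothetical placeholder
$RunAs      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Identities allowed to hold write access to a script that runs elevated.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', $RunAs)

# Rights that let an account change the script's content or its permissions.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$risky = (Get-Acl -LiteralPath $ScriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $trusted -notcontains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $writeMask) -ne 0
}
if ($risky) {
    $risky | ForEach-Object { Write-Warning "$($_.IdentityReference): $($_.FileSystemRights)" }
    throw "Not registering task: $ScriptPath is writable by the accounts listed above."
}

$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""

$Trigger = New-ScheduledTaskTrigger -Daily -DaysInterval 85 -At '1:00am'

$Settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

# -RunLevel Highest is the scheduled-task equivalent of "Run as Administrator":
# the task gets the account's elevated token instead of the filtered one.
$Principal = New-ScheduledTaskPrincipal -UserId $RunAs -LogonType S4U -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Settings $Settings -Principal $Principal `
    -Description 'Renews the FileMaker Server SSL certificate' -Force
```

If the check fails, tighten the file's permissions (for example by moving the script into a folder only administrators can write to) and run the registration again.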


Dean Suhr    0

Ping ... Has anyone implemented Let's encrypt on a Mac running FileMaker Server?

Edited by Dean Suhr

Smef    15

I've got this on my list of things to do as well. It should be a pretty similar process.

ggt667    8

Will this be the full procedure for FM16S on a Mac?




brew install certbot


Perpetually; the first of every month or so

sudo certbot certonly -w "/Library/FileMaker Server/HTTPServer/htdocs" -d sub.domain.tld
ln -s /etc/letsencrypt/live/sub.domain.tld/privkey.pem /Library/FileMaker\ Server/CStore/privkey.pem
sudo fmsadmin certificate import /etc/letsencrypt/live/sub.domain.tld/fullchain.pem --keyfile /Library/FileMaker\ Server/CStore/privkey.pem
sudo launchctl stop com.filemaker.fms
sudo launchctl start com.filemaker.fms


Here are some examples on how to use certbot for other purposes: https://certbot.eff.org/docs/using.html
