Jay

SSL for FMServer setup guidelines?

I've done a search in this forum for "SSL" and it returns no result. So I'll start this thread:

Has anyone posted a step by step guideline on how to implement SSL for FileMaker Server? If not, it would be very helpful, at least for me.

I am familiar with generating the request from the FileMaker Server Admin Console. I am familiar with submitting the generated pem key to the GoDaddy service, who then generates a certificate for a price. I am familiar with placing said certificate in the correct folder on the server. However, that's where I leave off. There are some final steps missing; I don't know what they are. But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com), to the actual server we are using (it only has a static IP address), somehow. No idea what those steps would be. Any insight would be appreciated.

 

Thank you

 

1 hour ago, Jay said:

I am familiar with placing said certificate in the correct folder on the server.

That's where your process fails.  You don't place the certificate into the 'correct' folder.  You use the FMS admin console or the fmsadmin command line to import the certificate.  That process takes care of putting the cert where it belongs.

 

See instructions here:

http://help.filemaker.com/app/answers/detail/a_id/14174

 

1 hour ago, Jay said:

But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com), to the actual server we are using (it only has a static IP address), somehow.

This sounds like you haven't configured the DNS properly.  That's not strictly speaking part of the SSL config process which is why you won't find any instructions on it by searching for SSL help.  There is also not a simple answer for this because it depends on your DNS management.  If you have no idea how that works then your best bet is to find someone locally with DNS experience.


Sorry, incorrect phrasing for brevity. This has been done.  It's been generated and imported. That part is long complete.

My question remains: How do we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

Thank you

1 hour ago, Jay said:

My question remains: How do we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

 

In DNS management.

You keep mentioning "www." Your cert will be for "something.com" I'm assuming without the 'www', is that correct?  Is it a wildcard cert?

Do you want people to have a valid encrypted connection to the website www.something.com?  Or are we talking about FMP connections inside the network to an FMS on a machine named someserver.something.com?

 


Excellent questions, Wim. It is in fact something.com without the www.  I am not sure if it's a wildcard cert, but the domain will not be hosting any web sites or other services, nor will it have other TLDs.  Just plain something.com dedicated to FileMaker. The goal is for FileMaker client access from across the internet, through SSL to our FileMaker Server. I am assuming that we will (eventually) enter something.com under Open Remote instead of the IP address.

When hitting the server via the IP address, it connects, but of course gives us a warning about a certificate mismatch - I am assuming that's because we are using the server's IP instead of something.com.

I believe the only thing we would need to do is mess with the DNS at the registrar, tell them that something.com needs to resolve to a specific IP address and then that's it, it should work at that point?
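
Added example, not part of the thread and not FileMaker's own code: it applies the standard TLS name-matching rules (RFC 6125) to the cases discussed above, on the assumption that the FileMaker client follows them. The address 203.0.113.10, the DNS tables and all function names are constructed for illustration.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with the name the client dialed.
    '*' counts only as the whole leftmost label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_covers(dialed, san_dns, san_ip=()):
    """True if the certificate covers what was typed into the client."""
    if is_ip(dialed):
        # An IP address is compared only with IP-type entries, never DNS names.
        addr = ipaddress.ip_address(dialed)
        return any(ipaddress.ip_address(i) == addr for i in san_ip)
    return any(dns_name_matches(n, dialed) for n in san_dns)

def check_connection(dialed, a_records, server_ip, san_dns, san_ip=()):
    """List what is still wrong for one connection attempt (empty list = OK)."""
    problems = []
    if not is_ip(dialed) and server_ip not in a_records.get(dialed.lower(), []):
        problems.append(f"DNS: {dialed} does not resolve to {server_ip}")
    if not cert_covers(dialed, san_dns, san_ip):
        problems.append(f"TLS: certificate does not cover {dialed}")
    return problems

# Constructed sample data (203.0.113.10 is a documentation-range address).
SERVER_IP = "203.0.113.10"
CERT_DNS = ["something.com"]        # certificate issued for the bare domain
WILDCARD_DNS = ["*.something.com"]  # names a wildcard certificate would carry
DNS_BEFORE = {}                     # no A record created yet
DNS_AFTER = {"something.com": [SERVER_IP]}

if __name__ == "__main__":
    for name in (SERVER_IP, "something.com", "www.something.com"):
        print(name, check_connection(name, DNS_AFTER, SERVER_IP, CERT_DNS))
```

Dialing the IP address fails the certificate check even once DNS is in place, because the certificate carries a DNS name and no IP entry; a wildcard entry would cover www.something.com but not the bare something.com.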
