By Peter Wagemans
Because I have only 1 external IP address in the office here, I have set up a reverse proxy on my Sophos UTM 9 firewall, they call it WAF or Web Application Firewall. In this setup, you define a number of "real" web servers with their internal IP addresses, you also define a number of "virtual" web servers by DNS name m type ( http or https ) and port ( 80, 443, or whatever you would like). This works great if you want to host different web servers on different internal machines. BTW they are all VMs.
I also configured this for FileMaker Server, so everything https related is nicely routed to the fms machine. That also works great, apart from 1 small thing. The client complains about the certificate.
There is nothing wrong with the certificate, as this works fine when I connect to the server internally ( using the same DNS name of course ). Everything nicely green. It only goes wrong when contacting it externally.
FileMaker shows an error dialog that it cannot verify the identity of the server. See screen 1. When I click on "View Certificate" it shows perfectly fine certificates, as shown in screen 2, 3 and 4.
There must be something wrong with the way the firewall is implementing the reverse proxy. I think I configured it correctly: I am passing the host headers, and the virtual filemaker site is correctly associated with the wildcard certifcate, just like the regular virtual apache web site that I am running as well and which gives not problems whatsoever. Someone at the Sophos forum indicated that perhaps the firewall is inserting some certificate information that is not making FileMaker itself happy.
It appears to me that FileMaker is using 2 technologies here, one that is a custom FileMaker certificate client, which is detecting something it doesn't like, and the "View Certificate" dialog is almost certainly using standard system software ( webkit? ) and decides everything is fine. They are not agreeing with each other, that is for sure.
Are there any IT people on this forum who have set up something like this? Any help is very much appreciated.
I just installed FM Server 17 on a machine (running Windows 2016 Server) to test everything out. During the installation, there are a number of warnings to click through if you don't have an SSL Certificate to install at the time of installation. Everything installed / is working fine . . . except logging into the Admin Console remotely. There's no SSL Certificate. I read someplace about generating one using the Command Prompt typing "fmsadmin certificate create", but I'm getting error messages when I try. I'm a relative newbie when it comes to SSL Certificates, so could someone please walk me through the steps of creating and installing an SSL Certificate for FM Server 17?
I am viewing a records location through What3Words and the web viewer performs as expected on OS X 10.10.x and 10.11.x but when I put the file on OS X High Sierra the web viewer gives the error, "SSL Error, Unable to create a secure connection to the server". All connections are from the same location. Can anyone assist please
Hi, I've just upgraded to Filemaker Server 16 and installed an SSL certificate for client/server communications. However, I am confused by the documentation when it comes to communication between the Server and the Filemaker XML API. We're currently making these calls from another server over http, and would like to ensure they are secure.
I've attempted changing these requests to be over https but this seems to fail - I haven't investigated where exactly (if it's a limitation of the PyFilemaker Python library we're using or the fact that the connection is not actually secure).
Would enabling it for clients also provide security on the API side? Could anyone provide some guidance on where I can look for information on this?
Thanks in advance!
In an effort to figure out how SSL works with filemaker I have enabled the default SSL cert that comes with filemaker. Unfortunately I am still presented with an SSL error when I connect to the databases hosted on the server (see image). What steps am I missing in order to get this certificate to work? I understand this is a "not for production" certificate however it is in date and valid and we are using it to see how a production installation would be achieved. FM Server 16, FMPro 16 Windows server 2012.
In order to reproduce the error we:
1. Enabled SSL on the FM server
2. Restarted the service
3. Checked SSL certificate in FM admin console
4. Connected to server using client
Any help appreciated.