By Jim Gill
Hello All - I have a wildcard cert from Godaddy for my domain. I have successfully reinstalled this cert on Server 17 by using the White Paper from Steven & Wim - thank you! My issue is this: I would like to use the certs/key on other machines/platforms but adding the keyfilepass is causing issues with my linux firewall -> PFSense.
I have tried omitting the keyfilepass option however the CLI tells me this is a problem.
Is there a way to generate the CSR without using the keyfilepass option? This would give me more options on the other machines.
By Peter Wagemans
Because I have only 1 external IP address in the office here, I have set up a reverse proxy on my Sophos UTM 9 firewall, they call it WAF or Web Application Firewall. In this setup, you define a number of "real" web servers with their internal IP addresses, you also define a number of "virtual" web servers by DNS name m type ( http or https ) and port ( 80, 443, or whatever you would like). This works great if you want to host different web servers on different internal machines. BTW they are all VMs.
I also configured this for FileMaker Server, so everything https related is nicely routed to the fms machine. That also works great, apart from 1 small thing. The client complains about the certificate.
There is nothing wrong with the certificate, as this works fine when I connect to the server internally ( using the same DNS name of course ). Everything nicely green. It only goes wrong when contacting it externally.
FileMaker shows an error dialog that it cannot verify the identity of the server. See screen 1. When I click on "View Certificate" it shows perfectly fine certificates, as shown in screen 2, 3 and 4.
There must be something wrong with the way the firewall is implementing the reverse proxy. I think I configured it correctly: I am passing the host headers, and the virtual filemaker site is correctly associated with the wildcard certifcate, just like the regular virtual apache web site that I am running as well and which gives not problems whatsoever. Someone at the Sophos forum indicated that perhaps the firewall is inserting some certificate information that is not making FileMaker itself happy.
It appears to me that FileMaker is using 2 technologies here, one that is a custom FileMaker certificate client, which is detecting something it doesn't like, and the "View Certificate" dialog is almost certainly using standard system software ( webkit? ) and decides everything is fine. They are not agreeing with each other, that is for sure.
Are there any IT people on this forum who have set up something like this? Any help is very much appreciated.
I just installed FM Server 17 on a machine (running Windows 2016 Server) to test everything out. During the installation, there are a number of warnings to click through if you don't have an SSL Certificate to install at the time of installation. Everything installed / is working fine . . . except logging into the Admin Console remotely. There's no SSL Certificate. I read someplace about generating one using the Command Prompt typing "fmsadmin certificate create", but I'm getting error messages when I try. I'm a relative newbie when it comes to SSL Certificates, so could someone please walk me through the steps of creating and installing an SSL Certificate for FM Server 17?
I am viewing a records location through What3Words and the web viewer performs as expected on OS X 10.10.x and 10.11.x but when I put the file on OS X High Sierra the web viewer gives the error, "SSL Error, Unable to create a secure connection to the server". All connections are from the same location. Can anyone assist please
Hi, I've just upgraded to Filemaker Server 16 and installed an SSL certificate for client/server communications. However, I am confused by the documentation when it comes to communication between the Server and the Filemaker XML API. We're currently making these calls from another server over http, and would like to ensure they are secure.
I've attempted changing these requests to be over https but this seems to fail - I haven't investigated where exactly (if it's a limitation of the PyFilemaker Python library we're using or the fact that the connection is not actually secure).
Would enabling it for clients also provide security on the API side? Could anyone provide some guidance on where I can look for information on this?
Thanks in advance!