Jay

SSL for FMServer setup guidelines?

I've done a search in this forum for "SSL" and it returns no result. So I'll start this thread:

Has anyone posted a step by step guideline on how to implement SSL for FileMaker Server? If not, it would be very helpful, at least for me.

I am familiar with generating the request from the FileMaker Server Admin Console. I am familiar with submitting the generated pem key to the GoDaddy service, who then generates a certificate for a price. I am familiar with placing said certificate in the correct folder on the server. However, that's where I leave off. There are some final steps missing; I don't know what they are. But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com), to the actual server we are using (it only has a static IP address), somehow. No idea what those steps would be. Any insight would be appreciated.

 

Thank you

 

1 hour ago, Jay said:

I am familiar with placing said certificate in the correct folder on the server.

That's where your process fails. You don't place the certificate into the 'correct' folder. You use the FMS admin console or the fmsadmin command line to import the certificate. That process takes care of putting the cert where it belongs.

 

See instructions here:

http://help.filemaker.com/app/answers/detail/a_id/14174

 

1 hour ago, Jay said:

But we need to somehow "connect" the domain name we submitted when buying the certificate (www.something.com), to the actual server we are using (it only has a static IP address), somehow.

This sounds like you haven't configured the DNS properly.  That's not strictly speaking part of the SSL config process which is why you won't find any instructions on it by searching for SSL help.  There is also not a simple answer for this because it depends on your DNS management.  If you have no idea how that works then your best bet is to find someone locally with DNS experience.


Sorry, incorrect phrasing for brevity. This has been done.  It's been generated and imported. That part is long complete.

My question remains: How do we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

Thank you

1 hour ago, Jay said:

My question remains: How do we "make the connection" between the domain name we used for the certificate (www.something.com) and the actual IP address of that server?

 

In DNS management.

You keep mentioning "www." Your cert will be for "something.com" I'm assuming without the 'www', is that correct?  Is it a wildcard cert?

Do you want people to have a valid encrypted connection to the website www.something.com?  Or are we talking about FMP connections inside the network to an FMS on a machine named someserver.something.com?

 


Excellent questions, Wim. It is in fact something.com without the www. I am not sure if it's a wildcard cert, but the domain will not be hosting any web sites or other services, nor will it have other TLDs. Just plain something.com dedicated to FileMaker. The goal is for FileMaker client access from across the internet, through SSL to our FileMaker Server. I am assuming that we will (eventually) enter something.com under Open Remote instead of the IP address.

When hitting the server via the IP address, it connects, but of course gives us a warning about a certificate mismatch - I am assuming that's because we are using the server's IP instead of something.com.

I believe the only thing we would need to do is mess with the DNS at the registrar, tell them that something.com needs to resolve to a specific IP address and then that's it, it should work at that point?

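The name check behind the mismatch warning discussed in this thread, as an added example that is not part of any post and is not FileMaker code: a simplified model of standard TLS host-name matching, covering the IP-address, bare-domain, "www" and wildcard cases raised above. `something.com` is the thread's placeholder; the IP address `203.0.113.10` is a constructed documentation-range value.

```python
import ipaddress

# Constructed sample data (assumptions, not values from a real server).
SERVER_IP = "203.0.113.10"
BARE_CERT = ["something.com"]        # certificate issued for the bare domain
WILDCARD_CERT = ["*.something.com"]  # wildcard certificate


def name_matches(pattern, host):
    """Compare one DNS name from the certificate with the name the client typed."""
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard stands for exactly one left-most label: *.something.com
    # covers www.something.com, but not something.com or a.b.something.com.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def check_target(target, dns_sans, ip_sans):
    """Return 'ok' or the reason a client would report a certificate mismatch."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP address is compared only with IP-type entries in the
        # certificate, never with its DNS names, even when DNS resolves
        # one of those names to this same address.
        if any(ipaddress.ip_address(s) == ip for s in ip_sans):
            return "ok"
        return "mismatch: IP address not listed in certificate"
    if any(name_matches(s, target) for s in dns_sans):
        return "ok"
    return "mismatch: host name not covered by certificate"


if __name__ == "__main__":
    for cert in (BARE_CERT, WILDCARD_CERT):
        for target in (SERVER_IP, "something.com", "www.something.com"):
            print(cert, target, "->", check_target(target, cert, []))
```

The DNS record only decides which address the name resolves to; the match itself is made against whatever name or address is entered in the client.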
