
Install Certs in FM16


Hijack    1
Posted (edited)

Wow.  Doesn't look like this board has seen any posts in several months.  Well, here goes.

Trying to get our FM16 server happy with SSL since it's more gripey about that sort of thing now.  Our company has a proper public wildcard cert purchased via Network Solutions.  I have the private and public keys separated out for easy access and the intermediate certs for the CA.

I am able to install the certs in the FM server console without issue but I only seem to be able to specify the first CA intermediate cert - "...OV Server CA 2" in the attached screenshot.  I have tried following the chain concatenation instructions here: https://help.filemaker.com/app/answers/detail/a_id/11413/

I have had to concatenate certs into a single file before for other apps so it's a familiar thing for me.  But, no matter what order I concatenate the chain certs into a single file, the FM16 console isn't happy with it.  Always says it can't import the "...OV Server CA 2" cert.  So, I have tried specifying just the "...OV Server CA 2" cert as the intermediate and I have even tried configuring the cert options without any intermediate and just referenced the private and public keys.  Those imports work... however...

When I connect to the server with the full FM16 client, I get the warning that 'FileMaker Pro can't verify the identity of "host.server.com:5003" '

When I view the cert presented on that warning dialog, it seems clean.  No host name warnings, no untrusted intermediary, all good.  I can continue on with the connection but the lock icon is red which is annoying.

So the question is...  How do I figure out what the fat client is unhappy with?  Heck, the cert chain thing may not even be related to this issue with the fat client.  Could just be a red herring.

Any clues?

Thanks all.

 

P.S. Connecting via WebDirect in a browser goes cleanly.  The cert is presented by FMS and the browser is happy with it so again, not sure why the fat client isn't happy.

-David

CertHierarchy.png

Hijack    1
Posted (edited)

I tinkered around and figured out a workaround.  Manually installing all of the intermediate certs to the Local Computer - Trusted Root Certification Authorities store has made the fat client happy.  Not sure why a browser is happy with the cert without that manual action but the fat client isn't.  But, anyway, that's a way of dealing with it for now.  Not optimal since it requires either a GPO to push out our intermediate certs or manually adding them to workstations that hit our FM16 server.

Wim Decorte    455

You don't need to try and concatenate the intermediate cert into one file for regular FMS, that's needed only for the FM Cloud edition of FMS.

For regular FMS, you do need to import the intermediate cert, the regular cert (there's a button for each on the import dialog).

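Added example, not part of any post in this thread: a way to reproduce, outside FileMaker, a client that accepts a server certificate only once the intermediate is available to it, either sent along by the server or pre-installed in the client's trust store as in the workaround above. It assumes the `openssl` CLI is installed; the three-level chain, CA names and hostname are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway root -> intermediate -> leaf chain (all names made up).
set -eu

issue() {  # issue NAME CN EXTFILE [ISSUER]; self-signed when ISSUER is omitted
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
  fi
}

build_chain() {  # build_chain DIR: writes root.pem, int.pem and leaf.pem into DIR
  ( cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:host.example.test\n' > leaf.ext
    issue root "Demo Root CA" ca.ext
    issue int  "Demo Intermediate CA" ca.ext root
    issue leaf "host.example.test" leaf.ext int )
}

# verify_leaf TRUSTED_PEM [UNTRUSTED_PEM]: exit status 0 only if leaf.pem chains to a
# certificate in TRUSTED_PEM, optionally using extra certs as a server would send them.
verify_leaf() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$WORK/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$WORK/leaf.pem" >/dev/null 2>&1
  fi
}

WORK=$(mktemp -d)
build_chain "$WORK"
cat "$WORK/root.pem" "$WORK/int.pem" > "$WORK/root_plus_int.pem"

# Case 1: client trusts only the root and the server presents only the leaf.
verify_leaf "$WORK/root.pem" && echo "leaf only: OK" || echo "leaf only: FAIL"
# Case 2: the server also presents the intermediate (untrusted, used for path building).
verify_leaf "$WORK/root.pem" "$WORK/int.pem" && echo "with intermediate: OK" || echo "with intermediate: FAIL"
# Case 3: the intermediate is pre-installed in the client's trust store.
verify_leaf "$WORK/root_plus_int.pem" && echo "pre-installed: OK" || echo "pre-installed: FAIL"
```

Against a real server, the same `openssl verify` check can be run on the certificates the server actually presents, saved to files, to see whether its chain is complete without relying on anything installed on the workstation.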
