Jump to content

Recommended Posts

cnschulz    0

Gday, 

 

We are running FM server 16 with FM pro 16 and FM Go 16 clients. We have do not use SSL certs as yet. When opening databases on the go client, the user is presented with a dialog stating that the connection is not secure and would they like to proceed. Secondly, programmatic access to the server is failing due to this new error being returned from the first "ping" of the server. I understand this is normal behaviour but obviously we want to get rid of this.

We need to sign our server. The problem is that it is used on the intranet only and CA's will not sign machines that are not public facing. We will not be making our server public facing.

What are the best practices surrounding getting this machine certified?

Any help appreciated.

Share this post


Link to post
Share on other sites

Maybe you can check out: https://www.globalsign.com/en/blog/certificates-for-internal-servers/ and https://www.globalsign.com/en/ssl/intranetssl/ to obtain a GlobalSign IntranetSSL certificate. I have not used it myself, I use Lets Encrypt, but my domains are public so I personally don't have your problem.

 

Hope this helps you :-)

Share this post


Link to post
Share on other sites
cnschulz    0

Thanks! I have checked that out and a few other places. IntranetSSL *seems* possible but I have read a few posts here about having to import multiple levels of key etc. Im also wondering if there is any impact on the array of clients such as FM Go and Desktop. Do they need to have anything configured at all?

Share this post


Link to post
Share on other sites

I honestly don't know. As I wrote, my domains are public and I use Lets Encrypt.

 

My setup is like this:

I have one Linux webserver where I host several websites, including the domain-names I used on my 3 filemaker-servers (2 x Windows 2012 and 1 Windows 2016). The certificates are renewed automatically once every three months and once every 3 months I import the renewed certificates in my FmServers.

My router runs also an internal DNS-service and only 1 FmServer is actually reachable from the external internet. The internal DNS-server routes all internal call to any of the FmServers directly to the appropriate server.

Internally in my network I can run Advanced/Pro/Go and WebDirect with Green locks.

Externally I can connect using Advanced/Pro and Go only to my first FmServer, the other domains cannot be reached with an FM-client. CWP and Webdirect can be used for all 3 domains, but that is achieved by the reverse-proxy I have running on my Linux-webserver.

 

As you can understand I don't have a typical setup, but it works fine for me, mainly because I have the webserver that requests the certificates for me and auto-renews them. The only thing I do is to import the new certificates every now and then.

 

I think if you'd like to try a setup similar like the one I have, that you may consider running a dedicated webserver somewhere (doesn't have to be on premise) and copy the certificates you have been issued for that webserver to your FmServer. Make sure that the FQDN is used on that FmServer is the same as you "specially dedicated" webserver and configure your internal DNS to route all internal calls to FQDN directly to the FmServer in stead of the webserver. In essence that is what I did in my setup.

 

kind regards, Menno

Share this post


Link to post
Share on other sites
cnschulz    0

Thanks Menno, 

While this setup matches my home setup closely, its not "best practices" as you have stated. We do not have any externally accessible FM servers. 

If anyone has successfully created and used an IntranetSSL cert with filemaker I'd love to hear from them! 

Share this post


Link to post
Share on other sites
Guest noya   
Guest noya

One of techniques you can use, is to hire a programmer to create a middle appliation in between you server and Website server.

The program is running locally and listen to the website requests, and fullfills the requests.

طراحی سایت

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   You have pasted content with formatting.   Remove formatting

  Only 75 emoticons maximum are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By cnschulz
      Gday, 
      In an effort to figure out how SSL works with filemaker I have enabled the default SSL cert that comes with filemaker. Unfortunately I am still presented with an SSL error when I connect to the databases hosted on the server (see image). What steps am I missing in order to get this certificate to work? I understand this is a "not for production" certificate however it is in date and valid and we are using it to see how a production installation would be achieved. FM Server 16, FMPro 16 Windows server 2012.
      In order to reproduce the error we:
      1. Enabled SSL on the FM server
      2. Restarted the service
      3. Checked SSL certificate in FM admin console
      4. Connected to server using client


      Any help appreciated. 
       
    • By 123
      Hey,
      I started working with FileMaker a while ago and so far it's been pretty fun and fairly easy to learn because I worked with MySQL in the past. However, there are still a few questions I have. I'm used to having complete freedom when it comes to databases, because in Python or C++ for instance I would simply write my own queries and get whatever data I need, no matter if a database is related to another or not. Anyway, the flexibility is still what causes me some problems. I have the following problem.
      I'm working on an ERP (Enterprise Resource Planning) software for the owner of several restaurants. I need to have the following tables to start with:
      Restaurants Employees Jobs Visa Health Insurances Meetings Now, the person using the solution needs to be able to create as many restaurants, employees, jobs and meetings as they want and assign them to each other. For instance, Restaurant A is going to have 5 employees, Employee A, B, C, D, E and so on, and all these employees will have one or multiple (this is really important) jobs assigned to them. This process has to be flexible, so I can assign an employee to whichever restaurant and job I choose. You also need to be able to assign one or more visa to a job (and the assigned employee), the same goes for one or more health insurances. The next problem is about meetings. Each restaurant needs to be able to have meetings every once in while, which need the ability to keep track of employees that attend the meeting. So you should be able to select employees form a portal or card window (in FM16 for instance) and they will be added to another table MeetingAttendees or something similar. Again, this needs to be flexible so every restaurant can create meetings and check which employee is present. (I need to be able to create a layout to display the meetings and who has been present, if possible also to see who wasn't).
      Normally I would simply take the IDs and create tables that join these iDs together, however I'm not able to recreate this in FileMaker, if one relationship works, the other breaks for some reason. If anyone could give me a simple layout of what my database needs to look like, or if possible and not too much to ask an example in FileMaker. Your help is much appreciated.
      Thanks in advance,
      Mike
    • By bennyj710
      I have just created an e-commerce site and is it required to encrypt SSL certificate to it. Are there any free options for it?
       
       
    • By 123
      Hey,
      what happens if I create a solution in FM16 and use the "Card Window" feature and someone else who still has FM15 wants to work with my solution? Will this work or is it not even possible to run the FM16 solution?
      Thanks in advance,
      Mike
    • By laurentades
      I am working on a project which requires me to make SOAP calls from FileMaker.
      I have successfully done that in the past thanks to ScriptMaster ability to handle that. It works beautifully.
      The new project now requires me to include a client certificate - issues by the SOAP API provider - in each requests. The documentation on their side is fairly scarce ("Install the certificate on your host" !).
      I have no idea how to handle that but something tells me that there is no reason why it would not be possible to "include" the certificate in the Groovy bit of the plugin...
      Any idea anyone ?
      Thanks
×

Important Information

By using this site, you agree to our Terms of Use.