fms17 SSL Certificate Installation FM Server 17

[sdutton]

I just installed FM Server 17 on a machine (running Windows 2016 Server) to test everything out.  During the installation, there are a number of warnings to click through if you don't have an SSL Certificate to install at the time of installation.  Everything installed / is working fine . . . except logging into the Admin Console remotely.  There's no SSL Certificate.  I read someplace about generating one using the Command Prompt typing "fmsadmin certificate create", but I'm getting error messages when I try.  I'm a relative newbie when it comes to SSL Certificates, so could someone please walk me through the steps of creating and installing an SSL Certificate for FM Server 17?

[Ocean West]

 

Here is a tool that an walk you thru the SSL certificate request and installation

https://thebrainbasket.com/?p=549

 

[cat traveller]

That whitepaper is an excellent source to get this started. 

However I cannot get my Filemaker17 Server to install the certificate. 

 

- I ran fmsadmin to create the CSR request

- I pasted the CSR to the CA authority, using Thawtes SSL 123 certificate

- chose Signature hash algorithm: SHA-256 SH1

- downloaded the certificate.

However filemaker does not accept the certificate:

"either the certificate file is wrong or the private key file cannot be used with the password"

 

From what I see I am doing everything right :(

 

Has anyone had the same problem?

 

Thanks a lot

[Ocean West]

did you get you intermediate certificate? 

 

[cat traveller]

Yes, absolutely. The Thawte comes only with two files, the certificate and the intermediate certificate.

Thanks

[Ocean West]

The private key is in your cs store folder. 

I used this file to generate the csr and used the console to import the three files you must use the password you entered when generating the csr. 

[cat traveller]

I used text editor to open serverrequest.pem 

used this to paste the key into thawte 

and then on filemaker import used the certificate from thawte

the private  key - serverkey pem 

and the intermediate certificate,

 

Still did not work, sorry

[Ocean West]

In the past I have had to re-issue a certificate either because the password was wrong or there was some issue with the copy & paste.

You may need to restart the process and delete prior CSR's either in the admin panel or via the command line - a restart of the machine for good measure. 

Generate CSR with your provided details and password.

Use a text editor to copy the CSR and send that to the provider.

If the provider sends you the CERT via email and you are using a BROWSER based email client please make sure you copy the CERT and use a plain text editor to save the cert.

Grab the intermediate cert: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=INFO1384#lightbox-03

I believe FMS needs SHA2 under SHA-1 Root - that's the one that worked for me.

 

[cat traveller]

as weird as it gets some days, omitting a $ sign in the password for the SSL certificate did it for me together with the concentated root and intermediate that I got from Thawte. 

 

Solved- thanks