Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 1628 days old. Please don't post here. Open a new topic instead.

Recommended Posts

  • Newbies
Posted

Hi,

When is it recommended to create an SSL certificate and why?

Currently running a couple small files - mostly project management stuff - with a couple inhouse computers. We're not hosting anything on the web or connecting anywhere outside of the physical building where the server is located. The set up is a mac mini server thats running FMS 18, connecting to about four iMacs.

How important is the encryption?

Can other people get on the server and use the files?

Can they alter the files or the servers if the files are required to sign in to access?

 

Kind regards,

Filo

 

  • Newbies
Posted

To clarify, I'm already hosting a file, with two other users to the main file on the server.

Just curious if someone unwanted would be able to see the password and username being filled in and later on do it themselves to mess the file up.

Posted

The point of installing an SSL certificate is essentially to protect you from "man-in-the-middle" attacks, i.e. someone impersonating your server. What you describe sounds like relatively low risk. The question is what level of risk you're willing to accept vs. spending less than $100/yr (domain + godaddy cert) for "doing it right."

https://www.soliantconsulting.com/blog/demystifying-ssl/

Welcome to the forums.

Posted
On 2/28/2020 at 1:45 PM, filomena said:

Hi,

 

How important is the encryption?

 

 

An SSL certificate encrypts the traffic as it flows between the client and the server This is also known as 'encryption in transit'.  There is another form of encryption that protects the file on the server (and its backups): encryption at rest (EAR).  If you are worried that people can get access to the server itself then you can use EAR in addition to an SSL cert.

As to you question about what they can do to the files: keep in mind that there re two separate things: authentication and authorization.  in FM terms the authentication is the username and pw.  Authorization is what is defined in the privilege set.

If the file is not set to auto-login then someone would need to know a set of credentials that works.  What they can do in the file once in then depends on the rights given to them with the priv set.

  • 4 weeks later...
Posted

I am running server 17 on a Mac mini with no issues. I have about 7 Macs in my office that regularly access the FM Server internally, however, I access my data from my home computers and iPhones and iPads, and we use Web Direct a lot so clients can log in through the web and see live job statuses when they please...without SSL, its beyond frustrating to connect with a web browser. So I have to have use SSL certificates. It is also beyond frustrating to add a certificate...mine just expired so I have to go through the pain again. While I am not actually worried about being hacked, etc....security is always a good thing. The certificate is around $100 and a few hours of pain.

Posted

There's many cheaper certificates that are supported.  You can get them for around $10.

It also shouldn't take hours, so do let us know what parts you are struggling with. Especially around renewals.  The vendor just gives you a new key, you issue an FMSADMIN CERTIFICATE DELETE on your server and use the admin console UI to import the new cert using the old serverKey.pem

I just did two of them yesterday, took me less than 10 minutes to do both.

A common misunderstanding is that people think that you need to start the whole process again when your cert expires: generate a CSR, rekey the cert.  You don't.  Just save the serverKey.pem from your original CSR generation and just import the new cert that the vendor automatically gives you.  As long as you don't change the name on the cert you don't need a new CSR.

Posted
1 hour ago, Wim Decorte said:

There's many cheaper certificates that are supported.  You can get them for around $10.

It also shouldn't take hours, so do let us know what parts you are struggling with. Especially around renewals.  The vendor just gives you a new key, you issue an FMSADMIN CERTIFICATE DELETE on your server and use the admin console UI to import the new cert using the old serverKey.pem

I just did two of them yesterday, took me less than 10 minutes to do both.

A common misunderstanding is that people think that you need to start the whole process again when your cert expires: generate a CSR, rekey the cert.  You don't.  Just save the serverKey.pem from your original CSR generation and just import the new cert that the vendor automatically gives you.  As long as you don't change the name on the cert you don't need a new CSR.

Hey....who do you recommend for an SSL? I am starting the process over. Was about to purchase a FM certified certificate, they are around $200...but you mentioned $10 ones. Thanks...much appreciated!

Posted

There are many SSL shops around, as long as you pick one from the supported list of issuers you'll be fine.  My situation is not typical since I usually deal with multi-server deployments so I almost always work with wildcard certs or SAN certs, I typically us GoDaddy for those.

  • 2 months later...
Posted (edited)

You can have certs for free, here is how to do this on a Mac, with my comments: https://gist.github.com/TyrfingMjolnir/01c5f47693f1096991c3c21c20d137cf the script is by David Nahodyl, Blue Feather

And you should have your certificates for free as the non-free ones adds a party to the chain that is not necessarily desirable. Let us hope that Let's Encrypt does a better job than LinkedIn when it comes to keeping track of your credentials.

Ideally you should be able to run some sort of command to stop FileMaker Server that you can time for your solution, avoiding to start the database before fully stopped.

My 2 cents worth: Let's Encrypt or any similar programmatical way of signing.

Edited by ggt667

This topic is 1628 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.