mac | pc Latest FM 13 security update

Rick Whitelaw · April 6, 2015

I'm missing something here.i received an email from FMI about the latest update and followed the links etc. I run FMS with SSL turned on. The default certificate is used I assume. Now it seems the cert is only good for testing. Has this always been the case? Ami to assume that I must now purchase a third party certificate to use SSL effectively?

Wim Decorte · April 6, 2015

Yes, you should purchase a certificate for your client deployments. For your own dev/test rig: that's up to you and your evaluation whether the data there is vulnerable/important.

With a custom certificate you have more control over the fact that the clients can verify that they are in fact talking to the right FMS.

Josh Ormond · April 6, 2015

"the only secure way to connect" I believe is the line they used.

Rick Whitelaw · April 6, 2015

Thanks Wim.

I'm the only client. I don't suppose that makes a big difference since transmission of data is transmission of data no matter how one slices it. If there's anything further please reply.

mr_mike · April 9, 2015

Can a self signed certificate be used? We have the ability to generate these for all our servers.

Thank you

Josh Ormond · April 9, 2015

FileMaker has a built in list of CA and Certificates it can use...if I understand it correctly.

Claus Lavendt · April 13, 2015

To anyone interested, Richard and I shot a video today, that he will publish at the end of the week.
I wrote a very simple guide and tool, which you can find on this link:

http://www.datamanix.com/news/files/fms-certificate-guide-tool.html

Wim Decorte · April 13, 2015

Good stuff Claus. What do you do with with the "intermediate certificate" that you get from the CA?

Claus Lavendt · April 13, 2015

Thank you.

Well, I don't do anything with the "intermediate certificate" as you do not always get such from the CA.

But if you go with FM supported certificates it seems that FMS has the intermediate certificates for them.

I have only tested SSL 123 from Thawte, though.

Please feel free to contribute as much as you want. DevCon un-conference could maybe be a venue for a workshop/talk about this area ?

Ocean West · April 18, 2015

I used the tool @Claus Lavendt and everything worked fine but i am getting an error that i hand't seen -

Quote
This certificate does not match the key file [Error: -1 (Internal error)]

not sure the proper remedy.

Saubs · April 21, 2015

I know that FM Pro 13.0v9 can't open a database hosted on FM Server 13.0v5. But is the inverse true as well? That is, can FM Pro 13.0v5 open a database that's hosted on FMS 13.0v9?

Many thanks--

Claus Lavendt · April 21, 2015

The first is only true if SSL is enabled on FMS and using the default FMI certificate.

FMP(A) 13.0v5 CAN open files on FMS 13.0v9

Bear in mind that there is only an issue, if SSL is enabled on the server and you are using default FMI certificate.

If you want to enable SSL on the server, you should install a custom certificate.

Richard Carlton and I did a video on how to do that.

Claus Lavendt · April 21, 2015

Stephen, it sounds like you have run the command again, after sending off the Certificate Request file to the vendor, where you want to puchase your certificate.

This could result in the keyfile being generated again, which will then not match your signed certificate.

Create a new CSR file with the first command. -> ask your SSL vendor to re-issue your certificate, using the new CSR file -> when recieving the signed certificate, use that to install with the second command. Make sure to read both the guide and the notes in the tool as it makes some assumptions to both naming and place for the signed certificate file.

If you are new to SSL, the video Richard and I did, provides some basic explanations to what it is.

Steven H. Blackwell · April 22, 2015

Latest Update http://thefmkb.com/14358. Version 12 now included. Please read the instructions carefully.

Steven

Ocean West · April 23, 2015

@Claus Lavendt et al - I discovered what the issue was. The Certificate came back from the CA via email - which was received on a 'web based' email client and the copy operation included random invisible characters. Pasting as plain text into a text editor did strip out these characters and was able to properly install the certificate.

James Gill · April 29, 2015

On 4/22/2015 at 2:27 PM, Steven H. Blackwell said:

Latest Update http://thefmkb.com/14358. Version 12 now included. Please read the instructions carefully.

Steven

Your Link is busted, should be http://thefmkb.com/14358

Sign In

mac | pc Latest FM 13 security update

Recommended Posts

Rick Whitelaw

Wim Decorte

Josh Ormond

Rick Whitelaw

mr_mike

Josh Ormond

Claus Lavendt

Wim Decorte

Claus Lavendt

Ocean West

Saubs

Claus Lavendt

Claus Lavendt

Steven H. Blackwell

Ocean West

James Gill

Create an account or sign in to comment

Create an account

Sign in

Similar Content

Can't upload new solution to server

Any Experience running FMS 16 on Big Sur?

IIS Application Request Routing Error

FMS 16 and OpenJDK

Error code not included in Help files

Browse

Site Support

Forums

Blogs

Marketplace

Activity

Important Information