Jump to content

Latest FM 13 security update

Rick Whitelaw

By Rick Whitelaw
in FileMaker Server 13

 Share

This topic is 3751 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Rick Whitelaw Mentor

Rick Whitelaw

Posted
Posted

I'm missing something here.i received an email from FMI about the latest update and followed the links etc. I run FMS with SSL turned on. The default certificate is used I assume. Now it seems the cert is only good for testing. Has this always been the case? Ami to assume that I must now purchase a third party certificate to use SSL effectively?

Wim Decorte Grand Master

Wim Decorte

Posted
Posted

Yes, you should purchase a certificate for your client deployments. For your own dev/test rig: that's up to you and your evaluation whether the data there is vulnerable/important.

 

With a custom certificate you have more control over the fact that the clients can verify that they are in fact talking to the right FMS.

Rick Whitelaw Mentor

Rick Whitelaw

Posted
  • Author
Posted

Thanks Wim.

I'm the only client. I don't suppose that makes a big difference since transmission of data is transmission of data no matter how one slices it. If there's anything further please reply.

mr_mike Contributor

mr_mike

Posted
Posted

Can a self signed certificate be used?  We have the ability to generate these for all our servers.

 

Thank you

 

Josh Ormond Mentor

Josh Ormond

Posted
Posted

FileMaker has a built in list of CA and Certificates it can use...if I understand it correctly.

Claus Lavendt Community Regular

Claus Lavendt

Posted
Posted

Thank you.

Well, I don't do anything with the "intermediate certificate" as you do not always get such from the CA.

But if you go with FM supported certificates it seems that FMS has the intermediate certificates for them.

I have only tested SSL 123 from Thawte, though.

 

Please feel free to contribute as much as you want. DevCon un-conference could maybe be  a venue for a workshop/talk about this area ?

Ocean West Grand Master

Ocean West

Posted
Posted

I used the tool @Claus Lavendt and everything worked fine but i am getting an error that i hand't seen - 

This certificate does not match the key file [Error: -1 (Internal error)]

not sure the proper remedy.

 

 

Saubs Collaborator

Saubs

Posted
Posted

I know that FM Pro 13.0v9 can't open a database hosted on FM Server 13.0v5.  But is the inverse true as well?  That is, can FM Pro 13.0v5 open a database that's hosted on FMS 13.0v9?

Many thanks--

Claus Lavendt Community Regular

Claus Lavendt

Posted
Posted

The first is only true if SSL is enabled on FMS and using the default FMI certificate.

FMP(A) 13.0v5 CAN open files on FMS 13.0v9

Bear in mind that there is only an issue, if SSL is enabled on the server and you are using default FMI certificate.

If you want to enable SSL on the server, you should install a custom certificate.

Richard Carlton and I did a video on how to do that. 

Claus Lavendt Community Regular

Claus Lavendt

Posted
Posted

Stephen, it sounds like you have run the command again, after sending off the Certificate Request file to the vendor, where you want to puchase your certificate.

This could result in the keyfile being generated again, which will then not match your signed certificate.

Create a new CSR file with the first command. -> ask your SSL vendor to re-issue your certificate, using the new CSR file -> when recieving the signed certificate, use that to install with the second command. Make sure to read both the guide and the notes in the tool as it makes some assumptions to both naming and place for the signed certificate file.

If you are new to SSL, the video Richard and I did, provides some basic explanations to what it is.

Ocean West Grand Master

Ocean West

Posted
Posted

@Claus Lavendt et al - I discovered what the issue was. The Certificate came back from the CA via email - which was received on a 'web based' email client and the copy operation included random invisible characters. Pasting as plain text into a text editor did strip out these characters and was able to properly install the certificate.

This topic is 3751 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept