Rick Whitelaw Posted April 6, 2015 Posted April 6, 2015 I'm missing something here.i received an email from FMI about the latest update and followed the links etc. I run FMS with SSL turned on. The default certificate is used I assume. Now it seems the cert is only good for testing. Has this always been the case? Ami to assume that I must now purchase a third party certificate to use SSL effectively?
Wim Decorte Posted April 6, 2015 Posted April 6, 2015 Yes, you should purchase a certificate for your client deployments. For your own dev/test rig: that's up to you and your evaluation whether the data there is vulnerable/important. With a custom certificate you have more control over the fact that the clients can verify that they are in fact talking to the right FMS.
Josh Ormond Posted April 6, 2015 Posted April 6, 2015 "the only secure way to connect" I believe is the line they used.
Rick Whitelaw Posted April 6, 2015 Author Posted April 6, 2015 Thanks Wim. I'm the only client. I don't suppose that makes a big difference since transmission of data is transmission of data no matter how one slices it. If there's anything further please reply.
mr_mike Posted April 9, 2015 Posted April 9, 2015 Can a self signed certificate be used? We have the ability to generate these for all our servers. Thank you
Josh Ormond Posted April 9, 2015 Posted April 9, 2015 FileMaker has a built in list of CA and Certificates it can use...if I understand it correctly.
Claus Lavendt Posted April 13, 2015 Posted April 13, 2015 To anyone interested, Richard and I shot a video today, that he will publish at the end of the week.I wrote a very simple guide and tool, which you can find on this link: http://www.datamanix.com/news/files/fms-certificate-guide-tool.html 2
Wim Decorte Posted April 13, 2015 Posted April 13, 2015 Good stuff Claus. What do you do with with the "intermediate certificate" that you get from the CA?
Claus Lavendt Posted April 13, 2015 Posted April 13, 2015 Thank you. Well, I don't do anything with the "intermediate certificate" as you do not always get such from the CA. But if you go with FM supported certificates it seems that FMS has the intermediate certificates for them. I have only tested SSL 123 from Thawte, though. Please feel free to contribute as much as you want. DevCon un-conference could maybe be a venue for a workshop/talk about this area ?
Ocean West Posted April 18, 2015 Posted April 18, 2015 I used the tool @Claus Lavendt and everything worked fine but i am getting an error that i hand't seen - This certificate does not match the key file [Error: -1 (Internal error)] not sure the proper remedy.
Saubs Posted April 21, 2015 Posted April 21, 2015 I know that FM Pro 13.0v9 can't open a database hosted on FM Server 13.0v5. But is the inverse true as well? That is, can FM Pro 13.0v5 open a database that's hosted on FMS 13.0v9? Many thanks--
Claus Lavendt Posted April 21, 2015 Posted April 21, 2015 The first is only true if SSL is enabled on FMS and using the default FMI certificate. FMP(A) 13.0v5 CAN open files on FMS 13.0v9 Bear in mind that there is only an issue, if SSL is enabled on the server and you are using default FMI certificate. If you want to enable SSL on the server, you should install a custom certificate. Richard Carlton and I did a video on how to do that.
Claus Lavendt Posted April 21, 2015 Posted April 21, 2015 Stephen, it sounds like you have run the command again, after sending off the Certificate Request file to the vendor, where you want to puchase your certificate. This could result in the keyfile being generated again, which will then not match your signed certificate. Create a new CSR file with the first command. -> ask your SSL vendor to re-issue your certificate, using the new CSR file -> when recieving the signed certificate, use that to install with the second command. Make sure to read both the guide and the notes in the tool as it makes some assumptions to both naming and place for the signed certificate file. If you are new to SSL, the video Richard and I did, provides some basic explanations to what it is.
Steven H. Blackwell Posted April 22, 2015 Posted April 22, 2015 Latest Update http://thefmkb.com/14358. Version 12 now included. Please read the instructions carefully. Steven
Ocean West Posted April 23, 2015 Posted April 23, 2015 @Claus Lavendt et al - I discovered what the issue was. The Certificate came back from the CA via email - which was received on a 'web based' email client and the copy operation included random invisible characters. Pasting as plain text into a text editor did strip out these characters and was able to properly install the certificate.
James Gill Posted April 29, 2015 Posted April 29, 2015 Latest Update http://thefmkb.com/14358. Version 12 now included. Please read the instructions carefully. Steven Your Link is busted, should be http://thefmkb.com/14358
Recommended Posts
This topic is 3751 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now