Jump to content

Latest FM 13 security update


Rick Whitelaw
 Share

This topic is 2774 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I'm missing something here.i received an email from FMI about the latest update and followed the links etc. I run FMS with SSL turned on. The default certificate is used I assume. Now it seems the cert is only good for testing. Has this always been the case? Ami to assume that I must now purchase a third party certificate to use SSL effectively?

Link to comment
Share on other sites

Yes, you should purchase a certificate for your client deployments. For your own dev/test rig: that's up to you and your evaluation whether the data there is vulnerable/important.

 

With a custom certificate you have more control over the fact that the clients can verify that they are in fact talking to the right FMS.

Link to comment
Share on other sites

Thanks Wim.

I'm the only client. I don't suppose that makes a big difference since transmission of data is transmission of data no matter how one slices it. If there's anything further please reply.

Link to comment
Share on other sites

Thank you.

Well, I don't do anything with the "intermediate certificate" as you do not always get such from the CA.

But if you go with FM supported certificates it seems that FMS has the intermediate certificates for them.

I have only tested SSL 123 from Thawte, though.

 

Please feel free to contribute as much as you want. DevCon un-conference could maybe be  a venue for a workshop/talk about this area ?

Link to comment
Share on other sites

I know that FM Pro 13.0v9 can't open a database hosted on FM Server 13.0v5.  But is the inverse true as well?  That is, can FM Pro 13.0v5 open a database that's hosted on FMS 13.0v9?

Many thanks--

Link to comment
Share on other sites

The first is only true if SSL is enabled on FMS and using the default FMI certificate.

FMP(A) 13.0v5 CAN open files on FMS 13.0v9

Bear in mind that there is only an issue, if SSL is enabled on the server and you are using default FMI certificate.

If you want to enable SSL on the server, you should install a custom certificate.

Richard Carlton and I did a video on how to do that. 

Link to comment
Share on other sites

Stephen, it sounds like you have run the command again, after sending off the Certificate Request file to the vendor, where you want to puchase your certificate.

This could result in the keyfile being generated again, which will then not match your signed certificate.

Create a new CSR file with the first command. -> ask your SSL vendor to re-issue your certificate, using the new CSR file -> when recieving the signed certificate, use that to install with the second command. Make sure to read both the guide and the notes in the tool as it makes some assumptions to both naming and place for the signed certificate file.

If you are new to SSL, the video Richard and I did, provides some basic explanations to what it is.

Link to comment
Share on other sites

@Claus Lavendt et al - I discovered what the issue was. The Certificate came back from the CA via email - which was received on a 'web based' email client and the copy operation included random invisible characters. Pasting as plain text into a text editor did strip out these characters and was able to properly install the certificate.

Link to comment
Share on other sites

This topic is 2774 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.