Short Simple Question (Filemaker 13.0 v9/SSL)

[Craig Wall]

I find the tech documents surrounding 13.0 v9 to be a little confusing.

I am assuming that the SSL certificate only needs to be installed on FMS and no certs are needed for clients accessing the server. I believe this to be correct but want to be sure. Can I get a word on this? Thanks in advance.

Edited April 30, 2015 by Craig Wall

[bcooney]

Correct.

[James Gill]

You are correct, however it's worth noting that while you do not need to have the server cert installed on the Client, if the Client does not have the Certificate Authority Cert installed then they're still going to get errors when they try to connect to a server with a valid SSL certificate.

It's pretty rare to not have a major CA cert installed by default on major OS's, but I did run into an instance of an older version of Filemaker Server not having the newest GoDaddy CA installed that was causing some issues with a server-side script that was using SSL.

Edited April 30, 2015 by James Gill

[Craig Wall]

bcooney, James...thank you for your replies.

 

I guess I'm still confused then from what you are saying James. I suppose I'll have to bite the bullet and spend some time better grokking what SSL is all about. But for my immediate needs let me simplify my question even further.

Given this context: All Mac clients and Mac server...All 13.09...Does Apple's best practice suggest we worry about installing any SSL certificates on client machines? I'm going to ride with bcooney's answer if I don't hear otherwise.

[James Gill]

Does Apple's best practice suggest we worry about installing any SSL certificates on client machines? 

No.  There is no need to install an SSL Certificate to anything but the server.

[Claus Lavendt]

SSL certificates is only relevant if you choose to enable SSL on FMS.

If you choose to enable SSL on FMS, you should install a custom certificate. Make sure to use a FMS supported certificate, which you can find a list of in FileMaker's Knowledge base. FileMaker clients have included supported CA roots. But for browsers, the OS is handling the CA roots.

If you want to know more about certificates, how it works with FileMaker and how to install them, I did a video with Richard Carlton and wrote a certificate helper tool & guide. We are talking about the basics and I think it is fairly easy to understand, what this is about, after watching the video.

http://www.datamanix.com/news/files/fms-certificate-guide-tool.html

[Craig Wall]

Claus, you write,

SSL certificates is only relevant if you choose to enable SSL on FMS.

But as I understand FileMaker Inc is insisting that we all do exactly that. Thank you for the link--and your work in co-creating the video! I'll check it out.

[Steven H. Blackwell]

Please understand that the custom certificate has two major purposes:

1. Confidentiality of data in transit.

2. Confirmation of server's assertion of its identity.  This helps to prevent man-in-the-middle attacks.

 

Steven

[Fitch]

But as I understand FileMaker Inc is insisting that we all do exactly that.

​Not at all -- the SSL checkbox is not selected by default. Are your clients and server on a LAN/intranet? What's the nature of your data, i.e., what's the magnitude of your risk? I might be going out on a limb, but IMHO there are scenarios where SSL is more trouble than it's worth.