Thank you for your post.
Please be sure to add this suggestion into our Feature Requests web form at:
The entries into this web form populate a database file that is hosted and monitored by Product Management and Development. All entries are read, discussed and considered for possible implementation in a future release. Although I could easily copy your post and paste it into the web form, there are a couple of questions asked on the web form that only you can answer.
By the way, is it documented somewhere that InCommon does not work?
An ISO responded with the following:
Why don’t we generate the Cert and see if it works? Incommon, Thawte and Comodo are almost interchangeable names. Typically if a platform supports 1 (or in this case 2) of the options, our certs will work.
I have InCommon certs installed on my FM server and it does not work. True the connection is secure but because Filemaker doesn't recognize InCommon certs if you hover over the "lock" icon it says "The SSL certificate can not be verified. You may of connected to a server pretending to be your actual destination, which could put your confidential information at risk".
I've made a Feature Request regarding this issue.
I also feature-requested about an hour ago, requesting that it be in the next release of 14 so we can proceed with upgrading as soon as possible.
So, if the InCommon cert works to encrypt but not validate, will it at least fulfill the requirement to more smoothly upgrade to 13.0v9 and 14?
I upgraded my server to 13.0v9 with the Incommon certs and then again to 14.
Filemaker does display the locked icon for the connection indicating that the connection is encrypted but because they don't trust Incommon Certs it can't "verify" that the certs are authentic. Since I reasonably confident that no one is spoofing my server I went ahead and upgraded. From what I can tell all FM did starting in 13.0v9 was change the UI to show more clearly what type of connections they trusted and which they did not. Also they seem to more clearly indicate that their own FM certificate is not secure and warn you not to use it for your production server. Here is the line from their 13.0v9 update page:
: A potential SSL issue could allow network communication to be compromised.
Description: An issue with FileMaker's root SSL certificates could allow network communication to be compromised. This issue was addressed by updates to application UI and to FileMaker security certificates.
Just as an FYI, we recently noticed that InCommon added the Comodo Elite SSL (which is on the FM list of supported certs) to the list of certs we could request. Might want to take a look to see if you can also request this cert now. Turns out this is a true Comodo cert (has the Comodo root authority, not InCommon). I just tested it on 13.0v9 and it appears to work!
Thanks. I looked and what do you know I can now download the Comodo Elite SSL from InCommon. I downloaded put in the request and received the cert by I don't really know how to upload it to filemaker as InCommon didn't sent me a private key file. How were you able to get it working on your server?