1 2 Previous Next 21 Replies Latest reply on Jul 10, 2013 2:26 AM by sebastian.haendel

    FileMaker won't connect clients, can't enable SSL

    GuruEvi

      Summary

      FileMaker won't connect clients, can't enable SSL

      Product

      FileMaker Server

      Version

      12.0.2

      Operating system version

      Mac OS X Server 10.7.5

      Description of the issue

      Hi,

      No clients will connect to the database. According to some reports it's because I have a missing certificate.

      Whenever I enable SSL on the database server, the database server won't restart. I literally have to reinstall the server in order to get it back to work (as you can't modify the server settings while the server isn't started).

      So in order for SSL to work correctly you apparently have to have a certificate in CStore (/Library/FileMaker Server/CStore) which directory is currently empty. Attempting to generate an SSL certificate using fmsadmin (fmsadmin CERTIFICATE CREATE hostname.domainname.tld) comes up with:

      fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
      Error: -1

      It's FM Pro Server (Std) 12 on Mac OS X Server 10.7.5 on an XServe (8-core, 24GB RAM).

      Steps to reproduce the problem

      Install FM Server 12
      Clients won't connect
      Admin site will work
      SSL enable will crash the database server

      Expected result

      For it to work

      Actual result

      It doesn't work

      Exact text of any error message(s) that appear

      fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
      Error: -1

      Configuration information

      It's FM Pro Server (Std) 12 on Mac OS X Server 10.7.5 on an XServe (8-core, 24GB RAM).

      Workaround

      None

        • 1. Re: FileMaker won't connect clients, can't enable SSL

               Guru Evi:

               If I understand correctly, then the goal is to use fmsadmin user through command line to create the missing certificate files in the CStore folder located at the following path:

                

               /Library/FileMaker Server/CStore 

                

               After performing a "Get Info" on my CStore folder, I discovered that by default the fmsadmin user's privilege is set to "Read only." 

                

               If I perform the same terminal command without first giving the fmsadmin user the "Read & Write" privilege, then I receive the same result. 

                

               Change the folder's user's permissions. See the screenshot below. 

                

               Afterwards, the same command line command in terminal should then be able to create the serverKey.pem and serverRequest.pem files.

                

               TSFalcon

               FileMaker, Inc.

          • 2. Re: FileMaker won't connect clients, can't enable SSL
            GuruEvi

                 Already tried that. sh-3.2# cd /Library/FileMaker\ Server/CStore/

                 sh-3.2# ls
                 sh-3.2# pwd
                 /Library/FileMaker Server/CStore
                 sh-3.2# ls -ali
                 total 0
                 41952967 drwxrwxr-x   2 fmserver  fmsadmin   68 Jan 16 17:02 .
                 41912818 drwxrwxr-x@ 12 fmserver  fmsadmin  680 Jan 17 10:10 ..
                 sh-3.2# fmsadmin CERTIFICATE CREATE filemaker.rcbi.rochester.edu
                 fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
                 Error: -1
                 sh-3.2# whoami
                 root
            • 3. Re: FileMaker won't connect clients, can't enable SSL

                    

                   Guru Evi:

                   Thank you for the reply. 

                   What is the result if the following command from page 171 of the FileMaker Server 12 Help Guide is pasted into the terminal window:

                   fmsadmin CERTIFICATE CREATE hostname.domainname.tld

                   Does pasting exactly that into the terminal prompt produce the same error?

                   TSFalcon

                   FileMaker, Inc.

              • 4. Re: FileMaker won't connect clients, can't enable SSL
                GuruEvi

                      

                     Yes.
                      
                     sh-3.2# fmsadmin CERTIFICATE CREATE rcbi.rochester.edu     
                     fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
                     Error: -1
                     sh-3.2# fmsadmin CERTIFICATE CREATE hostname.domainname.tld
                     fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
                     Error: -1
                      
                • 5. Re: FileMaker won't connect clients, can't enable SSL
                  GuruEvi

                       What's even weirder is when I do this:

                       sh-3.2# touch serverRequest.pem

                       sh-3.2# ls -l

                        

                       total 0
                       -rw-r--r--  1 root  fmsadmin  0 Jan 23 15:27 serverRequest.pem
                       sh-3.2# chown fmserver:fmsadmin serverRequest.pem 
                       sh-3.2# ls -l
                       total 0
                       -rw-r--r--  1 fmserver  fmsadmin  0 Jan 23 15:27 serverRequest.pem
                       sh-3.2# fmsadmin CERTIFICATE CREATE hostname.domainname.tld
                       fmsadmin: Failed to generate the new certificate request file [/Library/FileMaker Server/CStore/serverRequest.pem].
                       Error: -1
                       sh-3.2# ls -l
                       sh-3.2# 
                        
                       So the fmsadmin does remove the old serverRequest.pem (it's not a permissions issue) but the script somewhere fails in the middle with no output whatsoever (not in logs)
                  • 6. Re: FileMaker won't connect clients, can't enable SSL
                    sebastian.haendel

                         I have this Problem, too. Is there any Fix?

                    • 7. Re: FileMaker won't connect clients, can't enable SSL

                           Sebastian Händel:

                           Thank you for the post.

                            

                           I was not able to replicate the behavior mentioned by Guru Evi on my work station. The serverKey.pem and serverRequest.pem files are both created in the directory /Library/FileMaker Server/CStore when using the following command in terminal:

                            

                           fmsadmin CERTIFICATE CREATE hostname.domainname.tld

                            

                           Some steps that may help narrow this down follow:

                            

                           1. Delete any files named serverKey.pem or serverRequest.pem from this directory /Library/FileMaker Server/CStore and try the command again.

                           2. Test from a new administrative user on the computer.

                           3. Test from another computer to see if the same error occurs.

                            

                           If you could provide more information about the specific problem you are encountering, then I will be able to provide additional or more precise troubleshooting. 

                            

                           TSFalcon
                           FileMaker, Inc.

                      • 8. Re: FileMaker won't connect clients, can't enable SSL
                        sebastian.haendel

                             I have tested a lot now... I installed the FMS on a other Machine and it worked fine, i turn on SSL and restart the Database. No Problem.

                             But on the first Mac Server it wont work. I have reinstalled the Server two times! Allways the same behavior as written Guru Evi.

                             I dont understand what i am doing wrong. Its a Mac Mini Server Middle 2012 with Mountain Lion 10.8.3 (with Server App).

                             Just after the OS Installation, i installed the FMS 12.04.40. And the Java DK that comes with it. (i did this 3 times! i formated the disks and so on...)

                             There is one other problem, after the installation. I cant start the Admin Console becouse the Java Web Start wont open it, becouse it cant find an Java Environment. I tried the whole day to fix this... i installed Java 7 17 a hundret times... but no success...

                             I can only start the admin console from my Macbook to make the installation complete.

                             I have to use this Mac mini server... it is only for the FMS. But i dont know how i can install the FMS an turn on SSL...

                             (P.S. Please excuse my poor english. ;-))

                        • 9. Re: FileMaker won't connect clients, can't enable SSL

                               Sebastian Händel:

                               Thank you for the post.  

                                

                               Delete the entire contents of the following folder on the server:

                                

                               /Users/username/Library/Caches/Java/cache/

                                

                               A "6.0" folder may be left over from the previous version of Java, and occasionally deleting from the Java Control Panel fails to remove the files. 

                                

                               Afterwards, try again to download the FileMaker Server Admin Console tool from localhost:16000 in your browser. If prompted to let Java run, then allow. If no file downloads and the login prompt doesn't appear, then try another browser. 

                                

                               TSFalcon

                               FileMaker, Inc.

                          • 10. Re: FileMaker won't connect clients, can't enable SSL
                            sebastian.haendel
                            - I just formated the Hard Disk and reinstalled Mac OS 10.8.3. - Then installed the OS X Server from the Mac App Store. - Started the Server App and enabled the Web Service (with PHP enabled) - Copied the fms_12.0.4.405.dmg on the Desktop - Started the FMS Installation (Single Machine) - The Java 7 17 Installation did start (that is bundled within the FMS) - Both Installers finished - Then Safari opens to Start the Admin Console - The Admin Console did not start but the "admin_console_init_webstart.jnlp" is in the Download-List - When i try to start the "admin_console_init_webstart.jnlp" this Message from the Java-Web-Start App appears: "To open this Web Start application, you need to download the Java Runtime Environment. Click "More Info..." to visit the website for the Java Runtime Environment." - I tried to delete the contents of the Folder "/Users/(my user name)/Library/Caches/Java/cache/", but there is no Java Folder under "/Users/(my user name)/Library/Caches/" - Then i installed Firefox, but there is the same behavior as Safari -------------------------- After that i started the Admin Console from my MacBook (10.8.3 with Java 7 17) without any Problems. So i configured the Admin Account, Single Machine and WebServer: Apache... Everything of the Deployment works fine, except "Start XDBC" there is the message "omniORB: Warning: SSL CA certificate file is not set or cannot be found. SSL transport disabled." After i click OK, the Admin Console appears and everything works fine. I can install a Filemaker DB and get a connection I can stop and start the Database, etc... But as soon as i activate SSL at the Database-Server Configuration, i stop the DB-Server and do not get it started again and the /Library/FileMaker Server/CStore directory is empty. And the fmsadmin CERTIFICATE CREATE fails.
                            • 11. Re: FileMaker won't connect clients, can't enable SSL
                              sebastian.haendel
                               I dont know why the format of my Post fails, but here is it as Pic: (for better reading)
                              • 12. Re: FileMaker won't connect clients, can't enable SSL
                                philmodjunk

                                      I dont know why the format of my Post fails,

                                     from what browser/operating system are you posting?

                                     There are many ongoing issues with the forum software in use so documenting what you used that produced that single blob of text is useful info I can pass on to Modman to then pass on the the team that is responsible for the software.

                                • 13. Re: FileMaker won't connect clients, can't enable SSL
                                  sebastian.haendel

                                       I use Mac OS 10.8.3 with Safari.

                                       This was the first post that looses his format.

                                  • 14. Re: FileMaker won't connect clients, can't enable SSL
                                    philmodjunk

                                         Thanks, I'll pass on that info.

                                    1 2 Previous Next