Impossible to Have Valid Cert on 2-Machine Deployment for FM Clients

Question asked by Mac89 on May 16, 2015
Latest reply on May 19, 2015 by disabled_ntaylor

Summary

Impossible to Have Valid Cert on 2-Machine Deployment for FM Clients & Admin Console

Product

FileMaker Server

Version

13.0.9

Operating system version

Windows Server 2012

Description of the issue

When utilizing a custom cert on a 2-machine deployment, it is impossible to make the cert appear as valid when accessing the solution from FM Clients, FM Go and the Admin Console.

The basic issue revolves around the fact that WebDirect clients access the server from the Worker machine while FM Clients, FM Go and the Admin Console access the Master.

The domain on the cert points to the Worker machine so when being accessed via WebDirect it will show as valid.

However, when accessing the Master through FM Clients, FM Go or Admin Console you will be entering either a different IP or domain name that will not match the cert that is loaded and does match the Worker.

There needs to be a way to have two certs loaded or some other workaround so that clients accessing on the Master also see a valid cert and know they are connecting to a valid server.

Steps to reproduce the problem

1 - Set up a two-machine deployment with a custom cert.
2 - Access through WebDirect and it will show as valid.
3 - Access through FMP, FMPA, FM Go or Admin Console which needs to point at the Master.

Expected result

WebDirect and all FM Clients and Admin Console users need to see a valid certificate.

Actual result

Sessions will be encrypted and show a lock in the bottom left of FM clients but will show as not valid and the Get ConnectionState Attribute will only show secure state 2. There is no way to get a 3 or valid cert.
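
The mismatch described in this report, as an added example that is not part of the original post and not FileMaker code: a Python check of which client-facing addresses a certificate's names cover, using standard TLS hostname-matching rules. The hostnames and the IP address are constructed placeholders, and the script makes no claim about which certificate types FileMaker Server accepts.

```python
import ipaddress

def name_matches(pattern, host):
    """RFC 6125-style match: '*' is allowed only as the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # '*' stands for exactly one label and may not span a bare TLD
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:] and "." in rest
    return p == h

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_covers(host, dns_names, ip_names=()):
    """True if the address a client typed is covered by the certificate's names."""
    if is_ip(host):
        # An IP literal is compared only with IP entries, never with DNS names
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(i) == target for i in ip_names)
    return any(name_matches(n, host) for n in dns_names)

def audit(endpoints, dns_names, ip_names=()):
    """Map each access path to whether the certificate would validate for it."""
    return {label: cert_covers(addr, dns_names, ip_names)
            for label, addr in endpoints.items()}

# Constructed sample data (assumed names, not taken from the report)
ENDPOINTS = {
    "WebDirect (Worker)": "worker.example.com",
    "FM clients / Admin Console (Master, by name)": "master.example.com",
    "FM clients / Admin Console (Master, by IP)": "192.0.2.10",
}
WORKER_ONLY = ["worker.example.com"]  # certificate issued for the Worker's domain

if __name__ == "__main__":
    for label, ok in audit(ENDPOINTS, WORKER_ONLY).items():
        print(f"{'valid   ' if ok else 'MISMATCH'}  {label}")
```

With the Worker-only name list, only the WebDirect path validates; both ways of addressing the Master are reported as mismatches.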