AnsweredAssumed Answered

No hosted files visible after importing an SSL certificate

Question asked by JonJ on Mar 24, 2015
Latest reply on Mar 26, 2015 by JonJ

Like • Show 0 Likes0
Comment • 5

Summary

Product

FileMaker Server

Version

13.0.5.520

Operating system version

Win2012

Description of the issue

I created a request for a certificate (as per the command-line instructions). I got a COMODO PositiveSSL certificate.

I imported the certificate (as per the command-line instructions) with out any problems or error messages.

I turned on 'require secure connections' on the admin console, then restarted the server.

On restart, the server started as normal, and the admin console reported that all databases were open and hosted normally.

However, filemaker clients could see the host, but no hosted files. Similarly the WebD homepage opened as normal, but did not list any files.

Turning off 'require secure connections' and restarting returned the hosting to normal. Eventually, I removed the 'serverCustom.pem' file from the server's Cstore folder, turned on 'require secure connections' on the admin console, then restarted the server—this is now back to using 'secure' connections using the server's default certificate.

Steps to reproduce the problem

As above

Expected result

Databases are hosted using my own encryption certificate.

Actual result

The server appears to be serving the databases, but none are visible in the host list of any FM client, or on the WebD homepage.

Exact text of any error message(s) that appear

None.

Workaround

Use insecure connections.

No one else has this question

Outcomes

disabled_ntaylor Mar 24, 2015 1:07 PM

JonJ:

Thank you for the post.

The symptoms you describe indicate the use of an SSL certificate that is not tested.

“I got a COMODO PositiveSSL certificate.”

The two Comodo certificates that are tested to work are the following:

Comodo Elite SSL Certificates bundled with certificate

Comodo SSL with SHA-256 (under SHA-1 Root)

Please review the following knowledge base article for the full list of tested certificates:

List of supported SSL certificate types and vendors for FileMaker platform

TSFalcon

FileMaker, Inc.

Actions

JonJ Mar 24, 2015 2:37 PM

As I said in previous communications with FileMaker, the list of supported SSL certificate types is so opaque as to to be useless — what do any of the terms actually mean with respect to the options available on the Comodo website?

Secondly, if FIleMaker is only going to work with certain certificates (something that's weird in its own right... why not use the same certificates as the rest of the server?), then why do you let it import unsuitable certificates?

This seems to be the suck-it-and-see school of programming! I'm sorry, but it's very disappointing!

Actions

disabled_ntaylor Mar 24, 2015 3:38 PM

JonJ:

Thank you for the reply.

https://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-elitessl.html

The certificate at the link above is the Comodo Elite SSL Certificates bundled with certificate and the one tested to work.

The nature of SSL requires the certificate to be a part of both the FileMaker Server and FileMaker Pro (Advanced) installations. Installing a certificate we did not test will not work because the clients do not include the certificate as part of the installation.

Additionally, I have forwarded a request to the manager of Documentation to see about updating the knowledge base article to be more clear in the future.

TSFalcon

FileMaker, Inc.

Actions

disabled_ntaylor Mar 25, 2015 1:12 PM

JonJ:

The knowledge base article has been updated. The links direct the user to the certificate point of purchase for the specific certificates that were tested.

List of supported SSL certificate types and vendors for FileMaker platform

TSFalcon

FileMaker, Inc.

Actions

JonJ Mar 26, 2015 3:40 AM

Hi,

Thanks -- that make a bit more sense!

> The nature of SSL requires the certificate to be a part of both the FileMaker Server and FileMaker Pro (Advanced) installations.
> Installing a certificate we did not test will not work because the clients do not include the certificate as part of the installation.

That's true, but all operating systems have a standard set of trusted CAs installed (and updated) by default—surely that's how other apps (particularly browsers) cope. And with other apps, if I manage both the clients and server I could easily arrange for the clients to trust whatever root CA I choose.

I hope the next version of FIleMaker will make certificate a lot simpler to handle :)

Regards,

Actions

5 Replies

disabled_ntaylor Mar 24, 2015 1:07 PM
Mark Correct
Correct Answer
JonJ:

Thank you for the post.

The symptoms you describe indicate the use of an SSL certificate that is not tested.

“I got a COMODO PositiveSSL certificate.”

The two Comodo certificates that are tested to work are the following:

Comodo Elite SSL Certificates bundled with certificate

Comodo SSL with SHA-256 (under SHA-1 Root)

Please review the following knowledge base article for the full list of tested certificates:

List of supported SSL certificate types and vendors for FileMaker platform

TSFalcon

FileMaker, Inc.
Like • Show 0 Likes0
Actions
JonJ Mar 24, 2015 2:37 PM
Mark Correct
Correct Answer
As I said in previous communications with FileMaker, the list of supported SSL certificate types is so opaque as to to be useless — what do any of the terms actually mean with respect to the options available on the Comodo website?

Secondly, if FIleMaker is only going to work with certain certificates (something that's weird in its own right... why not use the same certificates as the rest of the server?), then why do you let it import unsuitable certificates?

This seems to be the suck-it-and-see school of programming! I'm sorry, but it's very disappointing!

J.
Like • Show 0 Likes0
Actions
disabled_ntaylor Mar 24, 2015 3:38 PM
Mark Correct
Correct Answer
JonJ:

Thank you for the reply.

https://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-elitessl.html

The certificate at the link above is the Comodo Elite SSL Certificates bundled with certificate and the one tested to work.

The nature of SSL requires the certificate to be a part of both the FileMaker Server and FileMaker Pro (Advanced) installations. Installing a certificate we did not test will not work because the clients do not include the certificate as part of the installation.

Additionally, I have forwarded a request to the manager of Documentation to see about updating the knowledge base article to be more clear in the future.

TSFalcon

FileMaker, Inc.
Like • Show 0 Likes0
Actions
disabled_ntaylor Mar 25, 2015 1:12 PM
Mark Correct
Correct Answer
JonJ:

The knowledge base article has been updated. The links direct the user to the certificate point of purchase for the specific certificates that were tested.

List of supported SSL certificate types and vendors for FileMaker platform

TSFalcon

FileMaker, Inc.
Like • Show 0 Likes0
Actions
JonJ Mar 26, 2015 3:40 AM
Mark Correct
Correct Answer
Hi,

Thanks -- that make a bit more sense!

> The nature of SSL requires the certificate to be a part of both the FileMaker Server and FileMaker Pro (Advanced) installations.
> Installing a certificate we did not test will not work because the clients do not include the certificate as part of the installation.

That's true, but all operating systems have a standard set of trusted CAs installed (and updated) by default—surely that's how other apps (particularly browsers) cope. And with other apps, if I manage both the clients and server I could easily arrange for the clients to trust whatever root CA I choose.

I hope the next version of FIleMaker will make certificate a lot simpler to handle :)

Regards,

J.
Like • Show 0 Likes0
Actions

No hosted files visible after importing an SSL certificate

Summary

Product

Version

Operating system version

Description of the issue

Steps to reproduce the problem

Expected result

Actual result

Exact text of any error message(s) that appear

Workaround

Outcomes

Related Content

Recommended Content