3 Replies Latest reply on Sep 25, 2014 9:28 AM by TSGal

    Using Require Secure Connections with a signed certificate - no databases are shown as hosted

    drowland@una.ab.ca

      Summary

      Using Require Secure Connections with a signed certificate - no databases are shown as hosted

      Product

      FileMaker Server

      Version

      13.0.4.400

      Operating system version

      OS X 10.9.4

      Description of the issue

      After enabling Require Secure Connection using a signed certificate, the server no longer presents hosted databases to clients (even on the same local machine as the server).

      Steps to reproduce the problem

      1. Generate CSR, install signed certificate using fmsadmin.
      2. Reboot and verify web is using proper signed certificate
      3. Enable Require Secure Connections
      4. Restart Database Server
      5. Hosted databases are no longer listed (server still is).

      Expected result

      Client should be able to see hosted databases.

      Actual result

      Clients see no hosted databases while Require Secure Connection is enabled.

      Exact text of any error message(s) that appear

      N/A

      Configuration information

      When FMS starts it appears to be copying/re-encrypting keys from CStore to HTTPServer/conf and overwriting anything in that directory. The certificate is ripped out of serverCustom.pem and placed into server.pem. We don't understand where the server.key in HTTPServer/conf is being generated from; it does not match either of the keys in CStore.

      We attempted to modify the httpd.conf to point at a differently named cert (to avoid FMS overwriting it), but that causes Web Server to not launch. Equally, we attempted to lock the certs in HTTPServer/conf to avoid being overwritten, but with identical results.

      We've built FMS clean on a test server to replicate the behaviour we saw on our production and dev servers. We've also re-issued the certs with no change in symptoms.

      Workaround

      1. Generate and install the signed certificate.
      2. Verify web is using the signed certificate.
      3. Turn off the Database Server.
      4. Delete from the CStore: serverCustom.pem, serverKey.pem, serverRequest.pem
      5. Enable "Require Secure Connections"
      6. Turn on the Database Server

      Web will now be using the correct signed certificate and FM Clients can see hosted databases.

      HOWEVER YOU CAN'T REBOOT

      Upon reboot, FMS is going to overwrite the signed keys (in HTTPServer/conf) with the original self-signed keys.

      See: http://forums.filemaker.com/posts/98f940fcdf
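
A way to check the key mismatch described under "Configuration information", as an added example that is not part of the original post or FileMaker's own tooling: it compares the public key inside a PEM certificate (such as server.pem) with the public key derived from a PEM private key (such as server.key or serverKey.pem). It assumes RSA keys; `KEY_PASS`, `make_sample` and the sample file names are hypothetical, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example: does a PEM certificate belong to a PEM private key?
# Compares SHA-256 digests of the two public keys.
# Assumptions: RSA keys; KEY_PASS (hypothetical) holds the passphrase
# if the private key file is encrypted.

cert_pub_fp() {   # digest of the public key embedded in certificate $1
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) \
        && [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

key_pub_fp() {    # digest of the public key derived from private key $1
    pub=$(openssl rsa -in "$1" -passin "pass:${KEY_PASS:-}" -pubout 2>/dev/null) \
        && [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Prints match / mismatch / unreadable-cert / unreadable-key.
# Exit status: 0 match, 1 mismatch, 2 unreadable input.
match_cert_key() {
    c=$(cert_pub_fp "$1") || { echo "unreadable-cert"; return 2; }
    k=$(key_pub_fp "$2") || { echo "unreadable-key"; return 2; }
    if [ "$c" = "$k" ]; then echo "match"; else echo "mismatch"; return 1; fi
}

# Constructed sample data: a self-signed cert with its key (a.pem, a.key)
# and an unrelated key (b.key), written into directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=fms.example.test" \
        -keyout "$1/a.key" -out "$1/a.pem" 2>/dev/null
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null
}

# Usage: sh check.sh <certificate.pem> <private-key.pem>
if [ "$#" -eq 2 ]; then
    match_cert_key "$1" "$2"
fi
```

Running it once against each certificate and key pair in CStore and in HTTPServer/conf, before and after a restart, shows which key the web server's certificate actually pairs with.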