2 Replies Latest reply on May 6, 2014 12:19 PM by cjcj01

    Question about Server 13.0v2 Update and installing new certificate

    cjcj01

      Title

      Question about Server 13.0v2 Update and installing new certificate

      Your post

           Hi,

           I have a question about the new update to Server 13.0v2...

           - Why does the default SSL certificate need replacing in 1.1 of the instructions? Or better said...

           - Filemaker provides a default FMI certificate with v13.0.  Why is the internal FMI certificate not updated with this release and why do we need to go get a third party one?

           My problem with this is that:

           I already have a certificate for a client's domain which is functioning fine for the website on IIS (Windows 2012 Server) It cost something like $50 for 4 years.  I recognise from this link that FMGo only has a limited number of certificates installed... but apart from the internal FMI one, these all cost $150 per year minimum from the links provided on top of FMServer in order to get a secure connection to FMGo.

           As far as I understand the link, my existing certificate for the domain won't work as an import to FM as it isn't supported, as despite it being from Comodo, it isn't the right one (i.e. it is cheaper)...

           But everything was working fine (apart from the heartbleed exploit) on FM13.... so why doesn't FM release FM13.0v2 with an update FMI certificate?

        • 1. Re: Question about Server 13.0v2 Update and installing new certificate
          TSGal

               cjcj01:

               The certificate is updated with the 13.0v2 update.  How are you verifying the certificate is not updated?

               TSGal
               FileMaker, Inc.

          • 2. Re: Question about Server 13.0v2 Update and installing new certificate
            cjcj01

                 Hi TSGal, thanks for your quick response.

                 I think maybe either I am just mis-reading the instructions / or the the instructions aren't clear enough.

                 Section 1.1. of the link above says:

                 

            After applying this software, if you do not have a signed SSL certificate that matches your specific server name or DNS name, request a certificate from a trusted certificate authority (CA) supported by FileMaker, Inc...

                 The way I read the above, is that this was a required step in the update process i.e. that we all have to now get an externally signed SSL certificate now with OpenSSL 1.0.1g.

            Maybe it could be reworded:

                 

            After applying this software update, if you use or require a signed SSL certificate that matches your specific server name or DNS name, request a certificate from a trusted certificate authority (CA) supported by FileMaker, Inc... 

                 If the internal certificate is updated, that's great.  Thanks.