2 Replies Latest reply on Dec 1, 2014 11:40 AM by millennium

    Server 13 with Intermediate Certificate

    millennium

      Title

      Server 13 with Intermediate Certificate

      Your post

      I'm unable to install an intermediate certificate on our server.  SSL verification shows everything is good except for the following notice: The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.

      I have the intermediate certificate from Comodo here: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/943/74/intermediate-positivessl-ca-2

      So I read the following instructions: http://help.filemaker.com/app/answers/detail/a_id/6496/related/1 which says I need to manually install the intermediate certificate on the Mac server instance of Apache (which I don't have installed and isn't compatible with FMS 13 anyway).

      Is there some further instructions than this: http://www.filemaker.com/help/13/fms/en/index.html#page/fms/fmsh_cmdref.19.05.html for installing an intermediate certificate?

        • 1. Re: Server 13 with Intermediate Certificate
          atsushimatsuo

          I'm unable to install an intermediate certificate on our server using fmsadmin CERTIFICATE IMPORT command, too.
          Recently almost all intermediate certificate needs to be installed on the server. Please improve.

          • 2. Re: Server 13 with Intermediate Certificate
            millennium

            So... is anyone out of their turkey coma yet? I'm sure there must be someone running intermediate certificates on their Mac servers right? The last line below seems to indicate that's all I'm missing. For what it's worth, I have installed (by double clicking) the intermediate certificate file and installing it onto the System keychain. The Digicert SSL Checker gives the following information (names changed to protect the incompetent):

            DNS resolves 'fms.ourdomain.org' to 56.234.56.234

            HTTP Server Header: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8za
            Protocol Support

            SSL certificate

            Common Name = fms.ourdomain.org
            Subject Alternative Names = fms.ourdomain.org, www.fms.ourdomain.org
            Issuer = PositiveSSL CA 2
            Serial Number = C4C26A7C4EE1232617E232AF8123456789
            SHA1 Thumbprint = 7188AEB356D061637D6512B75B8DDF9123456789
            Key Length = 2048 bit
            Signature algorithm = SHA1 + RSA (good)
            Secure Renegotiation: Supported

            This certificate does not use a vulnerable Debian key (this is good)

            SSL Certificate has not been revoked
             

                                                                                                                                                                                         
            OCSP Staple:Not Enabled
            OCSP Origin:Good
            CRL Status:Good


            SSL Certificate expiration

            The certificate expires July 25, 2015 (236 days from today)
            Certificate Name matches fms.ourdomain.org
             

                                                                                                                                                                                                               
            [IMG]https://www.digicert.com/images/icons/generic-server-cert.gif[/IMG]
            Subjectfms.ourdomain.org
            Valid from 25/Jul/2014 to 25/Jul/2015
            IssuerPositiveSSL CA 2


            SSL Certificate is not trusted

            The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.