So I attempted to run fmsadmin certificate import <myoriginal.cert> --keyfile <myoriginal.key> with my *InCommon* SHA-2 certificate files that match the hostname of my server.
This created the two expected .pem files:
-rw-r--r-- 1 root fmsadmin 3884 Apr 10 15:40 serverCustom.pem
-rw-r--r-- 1 root fmsadmin 1834 Apr 10 15:40 serverKey.pem
However, a reboot of the database -- (A) does not throw up any errors in the log files, but (B) no longer shows me the hosted database files and the PHP test pages do not work.
If I disable SSL and reboot the server -- the hosted files show and everything is fine.
If I re-enable SSL -- remove those two .pem files -- and then reboot the server -- the hosted files show as encrypted, but are using the stock FMS 13.0v9 certificate -- working, but not "trusted". And the PHP test page wants to use the FileMaker Root cert.
So SSL *does* work -- but just not with my certificate -- which, admittedly, is not in the list of "approved" certificates. (But it's an InCommon certificate -- it's just as valid as any other certificate on that list...)
So -- my question: What is FMS13 checking for when it's looking at certificates? Is it parsing the contents of the certificate to see if some string matches the "approved" certificates?
If so, why is it not throwing up an error anywhere (or is it and I haven't found it?) indicating why my certificate is not working?
I would rather not buy yet-another-certificate for my server when I already have one that is working for other purposes...
FileMaker Server will only work properly with a certificate from their list of approved ones. My guess is those are the only ones they include intermediate certificates for in their install.
You are probably right about this -- my InCommon certificate requires me to install intermediate certificates in the keychain before I can use it. Why FMS 13 doesn't have something similar in place makes me hope FMS 14 will be a more inclusive product when it comes out.