3 Replies Latest reply on Apr 13, 2015 8:37 AM by maser

    Server 13.0v9 on Mac -- if I already have server certificate -- how can I use it?

    maser


      Say, for other reasons, I have already obtained a server certificate for my server:  "server.company.com" and have imported it into my keychain.

      I'd like to reuse this certificate for FMS 13.0v9 -- is that possible?   If so, how do you go about doing this?

        • 1. Re: Server 13.0v9 on Mac -- if I already have server certificate -- how can I use it?
          maser

          So I attempted to run fmsadmin certificate import <myoriginal.cert> --keyfile <myoriginal.key> with my *InCommon* SHA-2 certificate files that match the hostname of my server.

          This created the two expected .pem files:

          -rw-r--r--   1 root      fmsadmin    3884 Apr 10 15:40 serverCustom.pem
          -rw-r--r--   1 root      fmsadmin    1834 Apr 10 15:40 serverKey.pem

          However, a reboot of the database -- (A) does not throw up any errors in the log files, but (B) no longer shows me the hosted database files and the PHP test pages do not work.

          If I disable SSL and reboot the server -- the hosted files show and everything is fine.

          If I re-enable SSL -- remove those two .pem files -- and then reboot the server -- the hosted files show as encrypted, but are using the stock FMS 13.0v9 certificate -- working, but not "trusted".   And the PHP test page wants to use the FileMaker Root cert.

           

          So SSL *does* work -- but just not with my certificate -- which, admittedly, is not in the list of "approved" certificates.  (But it's an InCommon certificate -- it's just as valid as any other certificate on that list...)

          So -- my question:  What is FMS13 checking for when it's looking at certificates?  Is it parsing the contents of the certificate to see if some string matches the "approved" certificates?    

          If so, why is it not throwing up an error anywhere (or is it and I haven't found it?) indicating why my certificate is not working?

          I would rather not buy yet-another-certificate for my server when I already have one that is working for other purposes...

          • 2. Re: Server 13.0v9 on Mac -- if I already have server certificate -- how can I use it?
            PointInSpace

            FileMaker Server will only work properly with a certificate from their list of approved ones.  My guess is those are the only ones they include intermediate certificates for in their install.

            - John

            • 3. Re: Server 13.0v9 on Mac -- if I already have server certificate -- how can I use it?
              maser

              You are probably right about this -- my InCommon certificate requires me to install intermediate certificates in the keychain before I can use it.   Why FMS 13 doesn't have something similar in place makes me hope FMS 14 will be a more inclusive product when it comes out.
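
The intermediate-certificate guess in this thread can be checked outside FileMaker Server. The following is an added example, not code from the posters or from FileMaker: it uses openssl on a constructed root, intermediate and leaf to show a leaf that fails to verify on its own and verifies once its intermediate is supplied. The function names, file names and the throw-away test PKI are assumptions for illustration, and it does not show what FileMaker Server itself checks.

```shell
#!/bin/sh
# Constructed throw-away PKI for the demo: root CA -> intermediate CA -> leaf.
make_test_pki() {  # $1 = output directory; all names below are made up
  d=$1; mkdir -p "$d" || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:server.company.com\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed $n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -sha256 -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -sha256 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -sha256 -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" >/dev/null 2>&1
}

# chain_ok LEAF ROOT [INTERMEDIATES]: succeed only if LEAF chains up to ROOT.
# The output is parsed because some older OpenSSL builds exit 0 even on failure.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
  fi
}

# Number of certificates in a PEM file (1 means leaf only, no intermediates).
cert_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# key_matches CERT KEY: succeed if the private key belongs to the certificate.
key_matches() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Demo: the leaf alone fails, the leaf plus its intermediate verifies.
tmp=$(mktemp -d) && make_test_pki "$tmp" && {
  cat "$tmp/leaf.pem" "$tmp/int.pem" > "$tmp/bundle.pem"
  echo "certs in leaf.pem: $(cert_count "$tmp/leaf.pem"), in bundle.pem: $(cert_count "$tmp/bundle.pem")"
  key_matches "$tmp/leaf.pem" "$tmp/leaf.key" && echo "key matches certificate"
  chain_ok "$tmp/leaf.pem" "$tmp/root.pem" || echo "leaf alone: issuer not found"
  chain_ok "$tmp/leaf.pem" "$tmp/root.pem" "$tmp/int.pem" && echo "leaf + intermediate: OK"
  rm -rf "$tmp"
}
```

For a real certificate, pass your own leaf, your CA's root and its intermediate file to chain_ok, and run cert_count on the imported .pem to see whether it holds the leaf only.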