5 Replies Latest reply on Apr 19, 2016 1:49 PM by TSGal

    SSL SHA-1 dependancies

    AlanBrooks

      In this article: (http://help.filemaker.com/app/answers/detail/a_id/14169/~/creating-a-new-custom-ssl-certificate-for-filemaker-server) Filemaker requires users to buy SSL Certs with "SHA-2 with SHA-1 Root" hashing algo for use in their Filemaker servers.  While this might be OK for users who do not offer web-based connections, anyone who offers Custom Web Publishing or other web solutions will encounter visiting browsers that do not indicate SHA-1 connections are secure since Google mandated they be refused past December 31st 2015.

       

      When does Filemaker plan to shed the need for SHA-1 dependancies and move completely to SHA-2?

        • 1. Re: SSL SHA-1 dependancies
          TSGal

          AlanBrooks:

           

          Thank you for your post.

           

          FileMaker, Inc. neither speculates nor discusses future products.

           

          I recommend that you also post this to the Product Ideas board at:

          Product Ideas

           

          This board is monitored by Product Management and Development.  All entries are discussed and considered for possible implementation in a future release.

           

          TSGal

          FileMaker, Inc.

          • 2. Re: SSL SHA-1 dependancies
            ptfm12

            It is unfortunate, but this seems to be the attitude of a number of FileMaker Support staff.  As a consequence, we have just blocked our FileMaker 14 server from the outside world.  ie. it is now being used only for internal clients only.

            A sepparate Unix-based web database server will now service our external clients.

            • 3. Re: SSL SHA-1 dependancies
              AlanBrooks

              Thank you TSGal, I've reposted in Product Ideas but I most definitely see this as more of a "Product Issue" and less of a "great idea." 

               

              SHA-1 SSL certs have been deprecated by Google, Mozilla, Microsoft, etc.  Version 14 should never have included them.

              • 4. Re: SSL SHA-1 dependancies
                fperez

                Are you kidding me... I just paid quite a chunk of money for my certificate through Thawte and I have web direct and I cannot login from any web-browser. It shows the index.html page I created but once it sends the user to the login page a never ending spinning wheel shows.

                Is this due to the certificate?

                I did a Get(ConnectionState) and it shows 2

                I also use Get(ConnectionAttributes) and I can see

                [ Peer Certificate ]

                commonName: cases.siucentral.com

                CA Issuers: thawte DV SSL CA - G2

                but on both my FM clients and GO I get the black padlock.

                What can I do?????

                • 5. Re: SSL SHA-1 dependancies
                  TSGal

                  fperez:

                   

                  When you purchased the Thawte certificate, you should have selected "Use SHA-256 for the certificate and SHA-1 for the root CA" for Signature hash algorithm during purchase of the certificate.  This is described in more detail under Knowledge Base Article #11413 "List of supported SSL certificate types and vendors for FileMaker platform".

                  List of supported SSL certificate types and vendors for FileMaker platform | FileMaker

                   

                  Contact Thawte directly to get the correct certificate.

                   

                  TSGal

                  FileMaker, Inc.