8 Replies Latest reply on Nov 17, 2016 8:34 AM by TSGal

    DigiCert Wildcard Certificate Issues on FMS15

    cwhorton

      Though the DigiCert Wildcard Certificate is listed here for FileMaker Server 15:

      List of supported SSL certificate types and vendors for FileMaker platform | FileMaker

       

      After installation (and FM Server restart) you still get the warning on the Database Server > Security tab:

      "Warning: The custom SSL certificate installed on this server does not originate from a Certificate Authority (CA) supported by FileMaker. FileMaker Go cannot be used to connect securely with this certificate."

       

      It turns out, however, that FileMaker Go 15 and FileMaker Pro 15 can connect without issue and show it as a valid certificate with a green lock.  So, the warning in the Admin Console seems to be a bug.  Attached I've included a screenshot of the certificate details and warning.

       

      But, this certificate (or, at least this certificate and not the default certificate) creates another issue.  When I install this certificate on a Virtual Machine (Windows 2008 R2 SP1 on Citrix XenServer 6.5) that VM operates just fine.  I can power it on and off and FileMaker Server 15 always seems to come back up.  However, if I turn off the VM, clone the VM, and then turn the clone on (no changes to IP or MAC address or any other hardware settings) the FileMaker Server service refuses to start.   In the Windows Application Event Logs the error "FileMaker Server Helper quitting! Network initialization error. (CORBA::INITIALIZE)" is found.  If I remove serverCustom.pem from the CStore folder then FileMaker Server will start again on the cloned VM, but of course using only default SSL certificate.

       

      Cloning VMs allows for rapid server deployments and is a means of server backups.  Please investigate and correct.

        • 1. Re: DigiCert Wildcard Certificate Issues on FMS15
          TSPigeon

          cwhorton:

           

          Thank you for your post!

           

          Two separate issues here I think.

           

          After installation (and FM Server restart) you still get the warning on the Database Server > Security tab:

          "Warning: The custom SSL certificate installed on this server does not originate from a Certificate Authority (CA) supported by FileMaker. FileMaker Go cannot be used to connect securely with this certificate."

          Other than the Warning Message I agree everything seems to be fine with your SSL Certificate installation. Do you have WebDirect deployed and does it complain about the certificate?

           

          "FileMaker Server Helper quitting! Network initialization error. (CORBA::INITIALIZE)" is found.  If I remove serverCustom.pem from the CStore folder then FileMaker Server will start again on the cloned VM, but of course using only default SSL certificate.

          Would it be possible to get a Copy of the CSTORE folder on the Original VM and a Copy of the CSTORE folder from the Clone where the issue occurs?

           

          I look forward to your response.

           

          TSPigeon

          FileMaker, Inc.

          • 2. Re: DigiCert Wildcard Certificate Issues on FMS15
            TSPigeon

            cwhorton:

             

            Could you also confirm that you followed:

            *Must import the Intermediate Certificate File to use these certificates via the FileMaker Server Admin Console on the Database Server > Security tab

            Via List of supported SSL certificate types and vendors for FileMaker platform | FileMaker  for Digicert.

             

            TSPigeon

            FileMaker, Inc.

            • 3. Re: DigiCert Wildcard Certificate Issues on FMS15
              cwhorton

              WebDirect is not complaining about the certificate on the original VM.  WebDirect, along with all of FileMaker Server, will not boot up on the clone when the certificate is applied.  On the clone I can remove serverCustom.pem, boot FileMaker Server and reapply the certificate and then the clone works.  A clone of that clone will fail though unless I do the same thing.

               

              I'm happy to provide the CStore folders.  How can I send them to you privately?

               

              Yes, I imported the Intermediate Certificate.

              • 4. Re: DigiCert Wildcard Certificate Issues on FMS15
                TSPigeon

                cwhorton:

                 

                Thank you for that information. I sent a message to your inbox with instructions to send your CStore folders.

                 

                The first issue I am sending a report to Testing and Development for. I will let you know when further information is available there.

                 

                This second issue, with FileMaker Server not starting in a Clone, I would like to investigate further.

                 

                TSPigeon

                FileMaker, Inc.

                • 5. Re: DigiCert Wildcard Certificate Issues on FMS15
                  DecisionGroup

                  We appear to have a similar issue with a Digicert wildcard certificate. Same warning but connections with desktop and Go versions show green lock.

                   

                  The one  problem that I am experiencing is not being able to upload files to Filemaker Server. The fields for name and password in the 'Upload to Filemaker Server' dialog box do no accept any entry (entry disabled).

                  • 6. Re: DigiCert Wildcard Certificate Issues on FMS15
                    majestic

                    I have a same issue of "WARNING" on the Admin Console Security tab.

                     

                    I strongly recommend to the support team to update "List of supported SSL certificate types and vendors for FileMaker platform" support page if FMS15 is still having a same issue.

                     

                    Unfortunatelly I found this discussion after purchasing $1425 Digicert 3-year wildcard certificate.

                    • 7. Re: DigiCert Wildcard Certificate Issues on FMS15
                      TSPigeon

                      All:

                       

                      I have confirmed the error below can be displayed improperly in FileMaker Server 15.

                      "Warning: The custom SSL certificate installed on this server does not originate from a Certificate Authority (CA) supported by FileMaker. FileMaker Go cannot be used to connect securely with this certificate."

                      As long as the have green locks and FileMaker Go connects you should be fine to continue using your certificate. Testing and Development is aware of the issue. I will respond back here when further information is available.

                       

                      TSPigeon

                      FileMaker, Inc.

                      • 8. Re: DigiCert Wildcard Certificate Issues on FMS15
                        TSGal

                        All:

                         

                        This issue has been addressed in FileMaker Server 15.0.3.

                         

                        TSGal

                        FileMaker, Inc.