5 Replies Latest reply on Jun 3, 2016 12:14 PM by rowedesign

    FMS 15 SSL Cert Broke El Cap Server Logins?

    rowedesign

      We previously had FMS 14 running on our server as well as running our OS X calendaring server and all was running fine. Since installing FMS 15 it seems that an FMI Root Certificate for our domain has been added and has made our OS X server unable to provide services to both internal and external clients (we're only using the Calendar Server). Previously the server just had a self-signed domain cert that was working fine along with FMS 14. FMS 15 is running fine and we have SSL turned off in the FMS 15 console but now all Server accounts cannot log into their server accounts. Client machines originally showed an FMI Root Certificate after FMS 15 install so we checked "always trust" but that did not help. We can still not access any server accounts. To be honest this certificate stuff has my head spinning and I have no idea how the FMI cert and our previous self-signed cert are supposed to work together or why the FMI certificate affected our server logins?

       

      We also tried reinstalling the OS X Server again and got the error shown in the attachment.

       

      So I'm wondering if anyone has any ideas on what has happened? Do we need to add a trusted FMS domain certificate AND a trusted OS X Server domain certificate? I'm currently a little afraid to do anything that might break it more!

       

      Any help or possible solutions would be greatly appreciated!

       

      Thanks, Bob

        • 1. Re: FMS 15 SSL Cert Broke El Cap Server Logins?
          electon

          Have you checked the keychain on the server in identity preference of com.appple.servermgr ?

          There should be a setting for preferred certificate to use with the services.

          Maybe it got swapped by FMS install.

          • 2. Re: FMS 15 SSL Cert Broke El Cap Server Logins?
            TSPigeon

            rowedesign:

             

            Thank you for your post!

             

            A lot has been enhanced with FileMaker Server 15 security and SSL capabilities. The System Requirements for FileMaker Server 15 do not include OS X Server as a supported environment, so you may want to deploy on a dedicated environment. I am going to inquire about changes that may be causing this behavior. I'll report back once that information is available!

             

            TSPigeon

            FileMaker, Inc.

            • 3. Re: FMS 15 SSL Cert Broke El Cap Server Logins?
              rowedesign

              Thank you for your responses. Hopefully moving to a dedicated environment will be a last resort. I didn't see in system requirements where OS X Server was mentioned as not being compatible?

              Perhaps this SSL diagnostics is helpful? Would this be remedied with trusted filemaker certs? Seems like the FileMaker Certificates (Filemaker Root Authority) override existing certs?

              Server SSL Install.jpg

              • 4. Re: FMS 15 SSL Cert Broke El Cap Server Logins?
                TSPigeon

                rowedesign:

                 

                ...now all Server accounts cannot log into their server accounts.

                Could you elaborate on the above as far as what the Server Accounts are and where they are unable to log in?

                 

                Also, does the issue occur when SSL is disabled?

                What is the reason for your focus on troubleshooting the SSL?

                 

                TSPigeon

                FileMaker, Inc.

                • 5. Re: FMS 15 SSL Cert Broke El Cap Server Logins?
                  rowedesign

                  Just to give an update on this, after doing about 2 hours with Apple Enterprise Tech support and going through 3 levels of technicians trying to figure out FMS's effect on OS X Server and control of certificates, the end consensus was to just revert our server back to before we installed FMS 15 and the corresponding certificates and then purchase a dedicated iMac to run FMS 15. All is well now but it was a major headache.

                   

                  We had never had problems running FMS on our OS X server in the past. I think FileMaker should make a point of clearly stating in the System requirements that FMS 15 is NOT compatible with OS X Server instead of just alluding to the fact that it "isn't listed as a supported environment." OS X Server is a separate application so saying that FMS 15 is compatible with OS X El Capitan 10.11 does not in any way preclude or warn against running the OS X Server app.