3 Replies Latest reply on May 11, 2017 9:27 AM by velistar

    FMServer 15 does allow the use of non-supported SSL-CA's

    Menno

      Today I installed a new FileMaker Server 15 and thought to give my letsencrypt-certificate from my webserver a try on FMServer. Just because is has been made so easy now to import a ssl-certificate.

       

      AND IT WORKS JUST FINE!!!!!!

       

      It works on FM-GO, Webdirect AND on Pro/Advanced. On Pro/Advanced one gets the warning that FMI cannot validate the certificate, but the connection works fine and the connection IS encrypted. On Go and webdirect, i don't get any warning, which maybe a security-issue in the eyes of some of you.

       

      I am very happy though that for testing-purposes I can install virtually any certificate of my choice, which is for me "letsencrypt". And I've seen a few complaints here and there about this from others, so I am not the only one who likes this!

       

      So a big like you, for you FMI! Thanks!

        • 1. Re: FMServer 15 does allow the use of non-supported SSL-CA's
          Menno

          Today Benoît contacted me on how I succeeded in obtaining an installing a let's encrypt ssl-certificate on my fms15. Since it may help others too, I've copied my reply to this discussion:

           

          Hi Benoît,

           

          on a FMServer it is not possible to generate a certificate via Let's Encrypt.

          I used mMy webserver, which is an Ubuntu-Linux server, for generating a CSR and obtaining certificates. It is pretty easy as is explained on https://certbot.eff.org . There you can choose your webserver and OS and from there you find the correct instructions on how to do that.

           

          After you have succesfully obtained a certificate you can copy privkey.pem and fullchain.pem from where they are situated on your webserver. On Ubuntu that is /etc/letsencrypt/archive/<domainname>/

           

          Then you open the FMS-console and click on /DatabaseServer/Security/CreateRequest. Then click on "Start Over", to clear any previous installed certificates.

          Then click on "Import Certificate" and browse for the fullchain.pem-file for the certificate and for the privkey.pem-file for the private key. Then click on "import" in the same screen.

           

          When you're done you can check the certificate by clicking on "View Certificate". That's it!

           

          regards, Menno

          1 of 1 people found this helpful
          • 2. Re: FMServer 15 does allow the use of non-supported SSL-CA's
            tmlutas

            It *is* possible to locally generate the cert request (I just did) by shutting down the http server processes and using option 3 (spin up a temporary server) in certbot. Once the cert is generated, import.

             

            I think the difficulty is that the bot is both conflicting with the existing FM apache server and finding the non-used OS apache server and trying to work with that. If there is no server checked for, then there is no conflict.

             

            I hope this helps.

            1 of 1 people found this helpful
            • 3. Re: FMServer 15 does allow the use of non-supported SSL-CA's
              velistar

              With FileMaker 16 using an unencrypted connection becomes ever more annoying!

               

              Today I successfully created and added LetsEncrypt certificates on both Windows Server and MacMini Server

               

              I used zerossl.com