3 Replies Latest reply on Apr 5, 2017 5:16 AM by jameshea

    FMS 15 SSL installation problem

    mmagrath

      After upgrading server OS to El Sierra (Mac ) and uninstalling Filemaker Server 14, Installation of Filemaker 15 has gone smoothly so far...

      and then:

      Installation of our Geostrust TrueBusinessID SSL is not working. The certificate, and other files have not changed (still where they should be and have not been modified)

      Server name is the same as the qualified domain name.

       

      As the certificate was initially created (while still on FMS 14) using fmsadmin certificate command, that is the method required to import the certificate into Filemaker Server (15). Unfortunately an error occurs as below

       

      IMPORT CERTIFICATE PROBLEM.png

      I have verified that the file referred to above server.Key.pem is not changed (same modification date) and permissions are correct (unchanged).

       

      Any ideas on what could be incorrect?

       

      - Michelle

        • 1. Re: FMS 15 SSL installation problem
          TSPigeon

          mmagrath:

           

          Thank you for your post!

           

          I can't say why the Certificate or Key would have become mismatched, but there is no way to force a Certificate to match with a key. This may be due to the Server 15 requiring a Private Key Password: fmsadmin certificate import <path to certificate> —keyfilepass

           

          You might clear the CStore folder of the request, key, and custom ".pem" files and see Creating a new custom SSL certificate for FileMaker Server to make a new request and import a new generation of the Certificate.

           

          TSPigeon

          FileMaker, Inc.

          • 2. Re: FMS 15 SSL installation problem
            mmagrath

            I have requested a SSL re-issue of the Geotrust TruebusinessID SSL certificate.

             

            The messages that I had from Geotrust during this process included:

             

            Submit your CSR

            • RSA: Use a 2048-bit key to generate your CSR.
            • Do not include passwords or challenge phrases.
            • We issue your certificate using the domain and organization submitted with your order, not your CSR.

             

            FSADMIN statement used to generate the certificate:

             

            sudo fmsadmin certificate create "/CN=www.ceos.co.nz/O=Certification Board for Inspection Personnel/C=NZ/ST=Taranaki/L=New Plymouth" --keyfilepass secret

             

            imported:

             

            sudo fmsadmin certificate import /Library/FileMaker\ Server/CStore/www_ceos_co_nz.crt --keyfilepass secret

             

            the error message that the server key and the certificate dono match occurs and I cannot import the certificate.

             

            I have contacted Geotrust support and their response was:.."

            What filemaker is suggesting is to encrypt your "private key" with a password, not your CSR.

            Your CSR is just a plain text and shouldn't be password protected.

            I would recommend you to contact Filemaker and find out how to generate a private key with password protected."

             

            Am I using an incorrect syntax or form the the FSADMIN Create and/or Import statements?

             

            regards Michelle

            • 3. Re: FMS 15 SSL installation problem
              jameshea

              Does FileMaker Server 15 also support Geotrust True BusinessID with Wildcard? It was not specifically indicated in the KnowledgeBase.