Thank you for your post!
I can't say why the Certificate or Key would have become mismatched, but there is no way to force a Certificate to match with a key. This may be due to the Server 15 requiring a Private Key Password: fmsadmin certificate import <path to certificate> —keyfilepass
You might clear the CStore folder of the request, key, and custom ".pem" files and see Creating a new custom SSL certificate for FileMaker Server to make a new request and import a new generation of the Certificate.
I have requested a SSL re-issue of the Geotrust TruebusinessID SSL certificate.
The messages that I had from Geotrust during this process included:
Submit your CSR
- RSA: Use a 2048-bit key to generate your CSR.
- Do not include passwords or challenge phrases.
- We issue your certificate using the domain and organization submitted with your order, not your CSR.
FSADMIN statement used to generate the certificate:
sudo fmsadmin certificate create "/CN=www.ceos.co.nz/O=Certification Board for Inspection Personnel/C=NZ/ST=Taranaki/L=New Plymouth" --keyfilepass secret
sudo fmsadmin certificate import /Library/FileMaker\ Server/CStore/www_ceos_co_nz.crt --keyfilepass secret
the error message that the server key and the certificate dono match occurs and I cannot import the certificate.
I have contacted Geotrust support and their response was:.."
What filemaker is suggesting is to encrypt your "private key" with a password, not your CSR.
Your CSR is just a plain text and shouldn't be password protected.
I would recommend you to contact Filemaker and find out how to generate a private key with password protected."
Am I using an incorrect syntax or form the the FSADMIN Create and/or Import statements?
Does FileMaker Server 15 also support Geotrust True BusinessID with Wildcard? It was not specifically indicated in the KnowledgeBase.