AnsweredAssumed Answered

Problem with SSL verification of valid cert by FMP, mac network client

Question asked by ErichWetzel on Oct 25, 2016
Latest reply on Jan 9, 2017 by ErichWetzel

The following was originally posted here back in June and did not get any attention. I have made some recent changes to some of the system details, and the problem persists.

 

Current systems:

FMS 15.0.1.137 on a Mac OS 10.11.6 with a valid GoDaddy certificate of acceptable format to FMS.

FMP 15.0.2.220 on macOS 10.12.1 clients bound to Open Directory on a Server running macOS 10.12 and Server 5.2

 

For clarity:

FMP for a non-managed user shows the certificate as valid and approved and connects as usual with a green lock.

FMP on a managed user says the certificate cannot be validated but "show certificate" shows a valid verified certificate. The login can proceed through the "do you want to connect to this host" dialog and connects with a grey lock.

 

ORIGINAL POST:

 

FMS 15 on a Mac OS 10.11.5. Valid GoDaddy certificate of acceptable format to FMS. FMP 15 on Mac OS 10.11.5 clients.

 

Everything worked well until a recent problem required rebuild of our Mac OS 10.11.5 Server network user server. Created brand new user homes for network users.

 

Since the rebuild, the network users all get the unconfirmed SSL certificate dialog and grey lock showing encryption but no verification on log login to the databases. In the SSL certificate dialog, selecting the certificate shows that it is valid and verified.

 

Local users on the client machine all log in as expected and get the full green lock and SSL verification.

 

The server.FQDN.com replaces our real server name in the logs below. User replaces our real username. Console on the client trying to connect to FMS shows the following for each FMP login attempt:

 

6/8/16 2:47:19.352 PM com.filemaker.messages[1906]: 2016-06-08 14:47:19.351 -0400 [Main_0x7fff7d57f000] FMCertificateStore::AddNewContentToPEMFile() Write Error 20405: filemac:/Macintosh HD/Network/Servers/server.FQDN.com/Volumes/Data/Networkuserdata/user/Library/Application Support/FileMaker/FileMaker Pro/15.0/root.pem, amountToWrite 1521, amountWritten 0

6/8/16 2:47:19.353 PM com.filemaker.messages[1906]: 2016-06-08 14:47:19.352 -0400 [Main_0x7fff7d57f000] FMCertificateStore::RegenerateDefaultPEMFiles() AddNewContentToPEMFile failed.

6/8/16 2:47:19.395 PM com.filemaker.messages[1906]: 2016-06-08 14:47:19.394 -0400 [Main_0x7fff7d57f000] FMCertificateStore::AddNewContentToPEMFile() Write Error 20405: filemac:/Macintosh HD/Network/Servers/server.FQDN.com/Volumes/Data/Networkuserdata/user/Library/Application Support/FileMaker/FileMaker Pro/15.0/root.pem, amountToWrite 300157, amountWritten 0

6/8/16 2:47:19.395 PM com.filemaker.messages[1906]: 2016-06-08 14:47:19.395 -0400 [Main_0x7fff7d57f000] FMCertificateStore::AppendRootCAWithMachineRootCA() Error: cannot update FileMaker CA Pem file.

6/8/16 2:47:26.817 PM FileMaker Pro[1906]: Failed to connect (_okButton) outlet from (SFCertificatePanel) to (NSButton): missing setter or instance variable

 

It looks like the client is trying to write to the Application Support folder in the users home folder and is failing to write. I have deleted the FileMaker folder in Application Support. On restart of FMP, the FileMaker folder in Application Support is recreated. However, the error remains the same.

 

Pushed owner and owner permissions through the user home folder. Error remains the same.

 

This problem may be related to the issue here: FM 15 Can't approve certificates, open remote files, view Permitted Hosts preferences

 

Any ideas?

 

Thanks - Erich

Outcomes