3 Replies Latest reply on Feb 9, 2017 10:45 AM by alexpoulsen

    Filemaker Cloud SSL renewal, after expiration

    codifi

      Hi - we have setup Filemaker Cloud, and we let the renewal of the SSL cert expire (were out of town and all the other excuses).

       

      Does anyone know how/what to do to renew/purchase/install the SSL cert to get things back up and running?

       

      Of course we can't reach the server now that it's expired, but we can reach the Amazon console no problem.

       

      Thank you,

       

      Michael

        • 1. Re: Filemaker Cloud SSL renewal, after expiration
          anand_vaghela

          IE and Chrome browser should still allow you to access the FileMaker Cloud Admin Console (CAC) to allow you to import a new SSL certificate. 

           

          Once you access the CAC, click on Configuration --> SSL Certificates --> Import

          • 3. Re: Filemaker Cloud SSL renewal, after expiration
            alexpoulsen

            2/8/17 installing an SSL certificate in FileMaker Cloud

             

            situation:

             

            I was unable to buy COMODO’s certificate extension from FileMaker Cloud and I was unable to validate the domain of .fmi.filemaker-cloud.com using the hash method in order to install my own certificate for the fmi.filemaker-cloud.com domain.

             

            Calling FileMaker support line was frustrating. Ryan simply pointed me to knowledge base article 16125:

             

            http://help.filemaker.com/app/answers/detail/a_id/16125/~/configuring-security-for-filemaker-cloud

             

            “FileMaker Cloud comes with a trial SSL certificate and "fmi.filemaker-cloud.com" domain that is good for the 1st 90 days. To continue using FileMaker Cloud beyond the trial period, you must purchase a different custom domain name and SSL certificate.”

             

            Though my trial SSL certificate expired, I was able to apply a validated certificate and get my FileMaker Cloud instance running again. Here’s what I did:

             

             

             

            prerequisites:

             

            I have a paid AWS instance with FileMaker Cloud running with the original 90-day SSL certificate. That certificate expired while I was trying to get a certificate installed.

             

            Your private key-pair file for your AWS instance. I had saved mine as text to 1Password so I simply created a text file with the text and named it to match the key-pair name in AWS and appended .txt to that name. It is a simple text file.

             

            I used Claus Lavendt’s custom FileMaker app, FMC_CertificateHelper.fmp12, to generate the .csr (Certificate Signing Request) file and the .key (private key) file:

            http://thebrainbasket.com/?p=499

             

            I have a domain I control whose public DNS records I could edit.

             

            I worked with a Certificate Authority from whom I purchased an SSL certificate

            I used COMODO; Parin Patel was a great help (parin.patel@comodo.com) in getting it all done quickly and economically.

             

             

             

            solution method:

             

            I decided on a name for the FileMaker Cloud server as an entry in my domain’s DNS records (we’ll create a CNAME record at the end of the process). For example purposes, I’ll use the artificial name: fmc.example.com for my description here.

             

            Create the AWS Security Group entry for SSH as Claus directs on the second layout.

             

            Collect the AWS URL for your server instance. Mine is at ec2-xx-xxx-xx-xx.us-west-2.compute.amazonaws.com.

             

            On the second layout of Claus’ tool enter the name you’ve chosen in your domain (e.g., dmc.example.com) in the Instance URL field. Enter your AWS URL in the Instance AWS URL and click the OK-Next button.

             

            Import your AWS key-pair text file into the container field of the third layout. Type the server name you decided on in the Server Name/URL field (e.g., fmc.example.com). Fill in Organization, Country, State, Location fields as appropriate for your certificate’s domain. Click the OK-Next button.

             

            I’m on a Mac so I used Terminal to connect to AWS and to verify my instance to create the .csr and .key files. Click the OK-I have connected button. You can exit the Terminal app.

             

            Claus’ app created a folder named FMC_SSL in my Documents folder. In it are the two files I needed (using the example machine name) fmc.example.com.csr and dmc.example.com.key.

             

            This is all I needed Claus’ app to generate.

             

            I sent the fmc.example.com.csr to COMODO to generate a certificate request. Since the domain is under my control, I was able to validate the request with the usual email message from COMODO. I received the zipped folder containing the fmc.example.com.crt file from COMODO.

             

            I was able to log onto my expired FileMaker Cloud instance to click the Configuration tab and the SSL Certificates button. I clicked the hyperlink “import it” for using a custom SSL certificate. I chose the fmc.example.com.crt and the fmc.example.com.key files in the dialog. Restarting FileMaker Cloud changed the Host Name to my chosen host name replacing the .fmi.filemaker-cloud.com host name.

             

            Following the instructions in the email I got from fmcloud-admin@fmi.filemaker-cloud.com, I added a CNAME record to my domain’s DNS and promptly I was back working on FileMaker Cloud again.

             

             

             

            Alex Poulsen

            alex@webrep.com

            1 of 1 people found this helpful