7 Replies Latest reply on Apr 24, 2017 4:23 PM by bigtom

    Multi-domain SSL Certificate and FileMaker Server 15+?

    dchretien

      When you generate a certificate request using FileMaker Server, you must provide either a FQDN or a wildcard request based on a specific domain (*.domain.com, for example.)

       

      Does anyone know if there is a way to install a certificate that will work for more than one domain name?

       

      As an example. consider a client who has registered mybusinessdomain.com, mbd.com, mybusinessdomain.biz, and mbd.biz, and who would like all of these to be an acceptable method of connecting to their FileMaker through their server. 

       

      I know that we can forward all of the domains to one of these, but might that not lead to a "name mis-match" warning?  At the least, it may leave some of the client's users concerned that they're connected to a different domain name than that which they entered.

        • 1. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
          bigtom

          UCC/SAN certs can do multiple domains on the same server. Never tried one with FMS though.

           

          In my experience the SSL list from FMI is pretty vague and noone at FM seems to know anything about what certificates will actually work.  I think a standard GD UCC would be compatible.

          • 2. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
            Menno

            I did not use the FileMaker Server interface to create a CSR. Instead I just used my webserver's certificate and imported that in the FMS console. I have 4 domains tied to that certificate and it works like a charm, including on Go and WD.

             

            So you do not have to use the FMS-interface to create a CSR. Instead you could use you CA's web interface to create one. There are ton's websites where you can generate a multi domain CSR ( SAN-CSR), an example is: https://certificatetools.com info on that tool is on this blogpost but there ar lots of other good ones. My personal favourite at this moment is Lets Encrypt, where I use these instructions and these on certbot for the automatic generation of CSRs, KEYs and Certificates.

             

            Maybe a but much information, but it works fine for me, so I hope this helps you.

            3 of 3 people found this helpful
            • 3. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
              dchretien

              Thank you, Menno.

               

              I will test this, and see what happens.  It may take some time, because my client is just beginning the discussion of what they want, but I'll post the results when I know.  (It will get interesting because they are running separate web and email servers and now, we'll be adding the FileMaker Server to the mix.  Right now, they don't have anything but self-signed certificates in use.)

               

              I was under the assumption that FileMaker Server had to generate the CSR for it to work, but since that's not the case, this sounds as though it will meet their needs.

               

              Thanks again.

              • 4. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
                Mike Duncan

                Hi Menno,


                Are you saying you are using a cert from Lets Encrypt with FM Server? I would be surprised if it is completely supported unless it is also listed in FM Server's supported root certificate authorities, regardless if it installs correctly. Would like to know if it is tho.

                 

                Thanks
                Mike

                1 of 1 people found this helpful
                • 5. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
                  Menno

                  Hi Mike,

                   

                  Yes I am using lets encrypt on my fm server and have green locks indicating the ssl-connections works. I have not implemented automatic generation and renewals of the certificate on my fm server. I use a separate webserver that does that for me in the same network. Just this week I installed the renewed certificates. I run fm server on windows server 2012, my webserver is an ubuntu 14.04

                   

                  Cheers, Menno

                  • 6. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
                    chaseholden

                    To be clear, Menno, you're successfully hosting multiple domains to the same FM Server all with valid SSL validation like this…???

                     

                    HTTPS:// DomainOne.com   > X.1.1.1/fmi/webd#FMS1.fmp12

                    HTTPS:// DomainTwo.com   > X.1.1.1/fmi/webd#FMS2.fmp12

                    HTTPS:// DomainThree.com > X.1.1.1/fmi/webd#FMS3.fmp12

                    HTTPS:// DomainFour.com   > X.1.1.1/fmi/webd#FMS4.fmp12

                     

                    Are you running a DNS Server on your local network to redirect HTTPS traffic or otherwise translate/map domains to respective fmp12?

                    • 7. Re: Multi-domain SSL Certificate and FileMaker Server 15+?
                      bigtom

                      I am pretty sure this is how it will work. I might find time to test a multi domain certificate in a day or so if there is no reply. I know others have successfully used Wildcard SSL certs to secure multiple sub domains on one FM server. I believe the Wildcard can also work with the same certificate on multiple servers.