11 Replies Latest reply on Jul 3, 2017 1:42 AM by dburnham

    Transfer SSL Certificate and Private key files from Mac server to windows server

    thiyagarajan

      Dear All

       

      We have been using FileMaker Server in Mac mini for 6 months and now we migrated to windows server. We uninstalled everything and copied only "CStore( Related to SSL Certificate)" folder from Mac FileMaker Server Installation.

       

      Then , I installed same installation and up and running our application. Now everything is working fine. Only the issue , windows filmmaker server setup now use default custom certificate. We already purchased custom SSL certificate for our domain using private key file which is generated through filmmaker server , Mac server installation.

       

      But now, we uninstalled existing filmmaker server fro Mac machine and everything moved to windows server. But our domain account now redirects to current filemaker windows server. So , Domain is the same for SSL.

       

      Only thing, We need to transfer existing "Custom SSL certificate and private key file " to new filemaker server installation in windows server.

       

      I am thing not sure that we can copy custom signed ssl certificate and private key file from Mac machine and paste into "CStore" folder of current filemaker server installation path and then perform "Import certificate" action to import 2 existing files.

       

      But this is not sure from my side will work?. Can anyone please tell me how I can transfer my ssl certificate and private key file to new installation in another machine please.

       

      Regards

      Thiyagu

        • 1. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
          wimdecorte

          thiyagarajan wrote:

           

           

           

          I am thing not sure that we can copy custom signed ssl certificate and private key file from Mac machine and paste into "CStore" folder of current filemaker server installation path and then perform "Import certificate" action to import 2 existing files.

           

          You should never ever put or paste something in the FMS cstore folder!  The import certificate process will take care of putting things in the cstore folder.

           

          Copy the crt files and the serverkey.pem file over to the windows machine (any folder, say the desktop) and then use the FMS admin console to import the certificate.  If for some reason that does not work, just create a new CSR on the windows machine and have the SSL cert re-issued.  That's much faster than trying to troubleshoot.

          2 of 2 people found this helpful
          • 2. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
            CICT

            Sorry Wim, seems we occasionally have different points of view, but you can copy the serverrequest.pem and serverkey.pem files to the cstore folder and subsequently use the admin console to install the server and intermediate certificate (cer) files. This is particularly important if you're running multiple servers and a wildcard certificate.

             

            Regards

             

            Andy

            • 3. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
              wimdecorte

              CICT wrote:

               

              Sorry Wim, seems we occasionally have different points of view, but you can copy the serverrequest.pem and serverkey.pem files to the cstore folder and subsequently use the admin console to install the server and intermediate certificate (cer) files.

               

              Sure you can; but in many instances (and especially on Macs), copying something to the cstore folder affects its permissions and screws things up.  And copying something into that folder is not needed for normal installs so it just creates confusion.

               

              This is particularly important if you're running multiple servers and a wildcard certificate.

               

               

              Can you expand on this?  I use mostly wildcards and on multiple servers and never had the need to copy something into the cstore folder.  Are you talking about 2-machine deployments?

              • 4. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                CICT

                Hi Wim

                 

                Yup, I tend to forget the permissions issues on Mac servers, as we don't use them. Windows servers give us the luxury of adding things and even doing drop in file upgrades within the main database folder without repercussions; great for separation solutions (and impossible to do any other way if Gbs of data involved with external container storage). You are correct if someone doesn't know chown, chgrp and chmod, but then again I'd think any administrator of a Mac server would have to.

                 

                We have a set of procedures that usually puts the .pem files in the CStore folder and since v15 can use the admin console to add the .cer files. As it is a procedure updated from v14, we've never tried alternatives as it just works and yes the same on 2-machine deployment, albeit using command line.

                 

                All the best

                 

                Andy

                • 5. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                  thiyagarajan

                  Thanks all.

                   

                  I did fresh installation in windows server and created a new .csr file and sent same certificate authority to reissue certificate based on new .csr.

                   

                  Then I imported certificate with Intermediate certificate into server and restarted filemaker services . Its working fine now.

                   

                  Thanks a lot for all.

                  • 6. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                    justinc

                    I'm running into a similar situation - I'm trying to move  a cert from one server to another.  The new server is a replacement for the old one, but is based on a newer more updated 'image' (these are AWS instances).  The new server will have the same name and IP as the old one.

                     

                    But all I have from the old server is the contents of the "CStore" folder.  There isn't a ".cer" or ".crt" file; the coworker that created these can't seem to find it either - and he's not certain if he used a PW when creating the key.

                     

                    So my question is:  does the original "CStore" folder contain all the files that I need to install this certificate on the other server?  Or is there some other file that is needed?

                     

                    Thanks,

                    Justin

                    • 7. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                      wimdecorte

                      I would reimport the cert and not fiddle with the contents of the Cstore folder.

                       

                      I'm assuming you kept the original ServerKey.pem and the cert files you got from the CA?  If not; do keep them around in case you have to reinstall from scratch in a Disaster Recover scenario.

                       

                      Reimporting the cert is always good practice for those DR moments.

                      3 of 3 people found this helpful
                      • 8. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                        justinc

                        Wim,

                             By 'reimport' do you mean start a new "Create Request..." process with the certificate vendor?  I was thinking that might be the easiest way.

                         

                        As for keeping the files around...I only know of what's in the current "CStore" folder from the old server.  I have inquired with my co-worker who set things up originally, but he doesn't recall having/keeping other files around.  He thought they would have been stored on the server; but I did a file search and couldn't find anything with ".cer" or ".crt" extensions.  Oddly...the search didn't turn up a ".pkcs" file either - even though I could see one sitting in the "CStore" directory.

                         

                        Thanks,

                        Justin

                        • 9. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                          wimdecorte

                          No, I meant:

                          - the ServerKey.pem that is created when create the certificate signing request in the admin console or the fmsadmin CLI

                          - and then the actual crt files that CA gives you.

                           

                          If you have those then you can go to a fresh install of FMS and do the import without having to create a new CSR and rekeying the certificate.

                          Especially handy if you have a wildcard cert obviously.

                          1 of 1 people found this helpful
                          • 10. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                            justinc

                            I didn't have the original ".crt" file, so I ended up going through the full CSR process again.  It wasn't too terrible. 

                             

                            Once I got a new keyed certificate I was able to get it installed fairly easily.  My provider gave two certificate files in their download - the 2nd one I was able to use as an intermediate certificate.

                            • 11. Re: Transfer SSL Certificate and Private key files from Mac server to windows server
                              dburnham

                              Maybe you know the answer to this one.

                               

                              When I upgraded from FMS 15 to FMS 16, the certificate and key file were placed in a folder called "Backup".  I know that FMS-16 requires an intermediate certificate so I went through the process that begins with Start Over, where the Admin Console tells me that the previous files were successfully removed.  Then, I issue a new CSR request and download the new Certificate file and Intermediate Certificate file, but there is not a new ServerKey.pem file where I expect it to be.

                               

                              And when I try using the previous one, of course it doesn't work.

                               

                              I believe I have found the error, but I don't know if it is a bug.

                               

                              When using the Start Over command, the Admin Console reports that it has removed the previous certificate and key files, but in fact it doesn't.  It only removes the key file (if it was there at all) but it leaves the previous Request file in place.  Then, when you create a new CSR request file, it doesn't make the new Key file that must be used in tandem with the new certificate.  But if you manually get rid of the previous Request file, then you get the dialog box where you enter all your info again, and then it DOES make the new key file with the request file.