1 2 Previous Next 15 Replies Latest reply on Jun 28, 2017 5:39 PM by giordano

    FM Cloud - updating domain name / SSL certificate

    J_File

      Hi all,

       

      I am pulling my hair out with this. I can't seem to make any progress and it is very frustrating indeed.

       

      I am 60 days into my FileMaker Cloud subscription, which means I have only 30 days to update the domain name (away from the 90 day free one you get assigned when you sign up) and associate a new SSL certificate to this new domain name.

       

      I found what I thought was going to be a useful guide here: FileMaker Cloud and SSL Certificates | The Brain Basket

       

      Thing is, this only works (from what I have found) if all you are doing is renewing the initial .fmi.filemaker-cloud.com address that you are initially allocated when you set up the Cloud instance for the first time. The steps starting from around 10:00 minutes which involve getting the CSR text does not work if you are trying to set up a new domain name.

       

      Can anyone point me to another step through resource that may help? It feels that I need to update the domain name of m instance before registering the new SSL, but I can't see anywhere to do that on the FileMaker Cloud admin panel. Good information on this side of FileMaker Cloud is very poor. Bit disappointed to be honest.

       

      Lost around 4 hours on this already ....

       

      Thanks, J

        • 1. Re: FM Cloud - updating domain name / SSL certificate
          bigtom

          FMI keeps saying they have made SSL on FMS easier, but that is not actually the case. I recently fought with an SSL installation and it required a full reinstall of FMS to work. I am sure with FMC there may be similar issues. It may be the actual process or the documentation. Sometimes the key can be corrupted when the CA generates it. Rare but it happens.

           

          FMI has free install and setup support for FMS and FMC. I would give them a call and have them walk you through it if you do not find a good answer here. Other people have successfully done the process so I am sure you will get there from here.

          • 2. Re: FM Cloud - updating domain name / SSL certificate
            greglane

            KB 16125 is the most comprehensive documentation available:

             

            http://help.filemaker.com/app/answers/detail/a_id/16125

             

            You might also find some useful tips in the following thread, although some of the info that was posted in October/November is outdated. The process is actually easier than it used to be.

             

            https://community.filemaker.com/thread/167193

            1 of 1 people found this helpful
            • 3. Re: FM Cloud - updating domain name / SSL certificate
              taylorsharpe

              I have yet to set up a Cloud server, but was thinking about doing it for testing, etc.  I think the take I am getting from J_file's experience is that you need to have and know your domain name when you set it up initially or you will have difficulties down the road! 

              • 4. Re: FM Cloud - updating domain name / SSL certificate
                bigtom

                Please let us know here how you sort this out.

                • 5. Re: FM Cloud - updating domain name / SSL certificate
                  J_File

                  Thanks bigtom, I will give them a call on Monday and see if they can talk me through it.

                  • 6. Re: FM Cloud - updating domain name / SSL certificate
                    J_File

                    Hi Taylor,

                     

                    The thing is, I can't actually remember having the option to nominate your own domain at the point of FM Cloud registration. You are given a temporary domain from FMI (yourname.fmi.filemaker-cloud.com). With this comes this free 90 day certificate.

                     

                    From what I can make out, there used to be the ability to keep the .fmi.filemaker-cloud.com domain and simply renew the certificate by purchasing a new commode certificate. Whatever, I do not have the option to renew this. It explicitly tells me I have to register a new domain and have an SSL certificate to go with that:

                     

                    SSl Proof.png

                     

                    All FM Cloud instances have what is called a root directory, which is a very long domain name. This by all accounts never changes, and this is what you end up pointing your new domain name to by changing the www part of the CNAME in your domain control panel (123-reg, names.co.uk etc.).

                     

                    Looking more closely at my current certificate, it seems to be registered to the root directory domain name. I am wondering if I am able to register the new Comodo SSL certificate to the root directory, as opposed to registering it for the subdomain, and whether it will all still work OK. I have just done a quick check and I don't think that is going to work. When I enter the url of the root directory into my browser (the address to which the SSL certificate is assigned to) I get a nice green padlock in the address bar. Clicking on this shows that there is an SSL in place.

                     

                    If I then put the yourname.fmi.filemaker-cloud.com address in (the one the SSL certificate is not registered to), I get this instead:

                     

                    not secure.png

                     

                    Basically the connection is not secure.

                     

                    I remember, that I was surprised when the registration process threw up the SSL certificate on the root directory. I did get in touch with FMI and asked why it was set to the root and not the yourname.fmi.filemaker-cloud.com address. They reckoned it may have been something to do with the fact that the one I tried to register with them had the word "bank" in and that would be flagged up as something that was not allowed ... (my company name has the word bank in - but bank as in "somewhere to store something" as opposed to "financial institution".

                     

                    I think only FMI can help me on this one, I will see what they say when I speak to them on Monday.

                     

                    I have looked at the information posted at Configuring security for FileMaker Cloud | FileMaker and I still think the hard bit is getting the CSR, but I will keep trying!

                     

                    J

                    • 7. Re: FM Cloud - updating domain name / SSL certificate
                      PointInSpace

                      Note that we offer hosting of FileMaker Server and include complete management in our hosting packages, at competitive rates to FileMaker Cloud and without the hidden AWS fees.  In a scenario like you describe, *we* would take care of installing your SSL certificate on your machine, no need to struggle with doing it yourself.  And you end up with a full install of FileMaker Server, not limited like FileMaker Cloud is.

                       

                      Contact me either here or off-list to jmay(at)pointinspace.com for further details.

                       

                      - John

                      • 8. Re: FM Cloud - updating domain name / SSL certificate
                        bigtom

                        John,

                         

                        Not to get off topic, but I have yet to find a client that found the pricing, provisioning or capabilities of FMC favorable compared to other options.

                        • 9. Re: FM Cloud - updating domain name / SSL certificate
                          taylorsharpe

                          I agree that I think you will need FM Technical support to help out.  Or at least that is what I'd do. 

                           

                          Note that when you have an https connection that has the SSL warning, you still have a secure SSL encrypted connection.  What the warning is saying is that a trusted third party is not verifying that IP and domain name match.  There is some vulnerability there, but it is small.  In other words, it is better to have an https connection with such a warning than an http connection with no warning. 

                          • 10. Re: FM Cloud - updating domain name / SSL certificate
                            greglane

                            bigtom,

                             

                            We're not a hosting company, but we do provide managed hosting for many of the solutions we've developed for our clients. For the majority of the solutions we build, FileMaker Cloud's feature set is more than adequate. When everything is factored in (monthly/annual machine costs, DNS, SSL, setup, maintenance, performance, and reliability), we haven't found a lower cost option for basic FileMaker 15 hosting that we consider viable at our scale.

                             

                            The current version of FileMaker Cloud is a great start, but it's certainly not appropriate for every situation and the learning curve can be much steeper than the marketing materials might lead you to believe. Overall, we're very happy with FileMaker Cloud and look forward to its continued evolution.

                             

                            Greg

                            • 11. Re: FM Cloud - updating domain name / SSL certificate
                              sawhat

                              If you plan on using Comodo to purchase your SSL Certificate ?

                              I found this article on Comodo.com to be fairly concise.

                               

                              Also worth noting.

                              On Filemaker Cloud v.1.15.1.35

                              If you don't want to either buy a new domain or use a sub domain of a domain you already own (which would require adding a Cname to DNS after SSL installation) you can opt to use the original  xxx.fmi.filemaker-cloud.com URL provided by AWS. (requires HTTPs CSR Hash verification)

                               

                              If using the original AWS URL and Comodo for the SSL  :

                              In the final step you import SSL Certificate in your Cloud Admin Dashboad

                              *********importing a concatenated version of the CSR will fail with a (mismatched keys) error.*********

                              Apply the original  FQDN.crt and the Server.key to the appropriate fields.

                               

                              Caveat:

                              This is contrary to the documentation provided by Filemaker KB 16125 

                               

                              The software on this page provided by Claus Lavendt on thebrainbasket.com is a helpful tool. It can speed up the verification process by automating the process of placing a hashed CSR test file on your server so Comodo can authenticate your control over the URL.( which is not required if you control the DNS of the domain as verification can occur by the Domain registrant email address )

                              It will also help you create the keys necessary although you can easily created then with OpenSSL on the command line of your mac or *nix machine.

                               

                               

                              My best advice is to not wait until the end of the trial period to install a new certificate. Give your self a few weeks the first time you do it. It can be tricky and requires multiple steps. It is also worth noting that if you do not have the  *.pem that was created during the initial creation of your EC2 instance then you will not be able to renew the SSL certificate. Unfortunately you will have to spin up a new instance basically starting from scratch.

                               

                               

                              • 12. Re: FM Cloud - updating domain name / SSL certificate
                                taylorsharpe

                                sawhat wrote:

                                 

                                If you plan on using Comodo ?

                                I found this article on Comodo.com to be fairly concise.

                                 

                                Note that this article is for Comodo certificates being used with FileMaker's Amazon Cloud service on Linux only. 

                                • 13. Re: FM Cloud - updating domain name / SSL certificate
                                  giordano

                                  sawhat wrote:

                                   

                                  On Filemaker Cloud v.1.15.1.35

                                  If you don't want to either buy a new domain or use a sub domain of a domain you already own (which would require adding a Cname to DNS after SSL installation) you can opt to use the original xxx.fmi.filemaker-cloud.com URL provided by AWS. (requires HTTPs CSR Hash verification)

                                   

                                   

                                  That contradicts this sentence in the FileMaker Cloud documentation:

                                  Using the filemaker-cloud.com domain after the 90-day trial is currently not supported.

                                  • 14. Re: FM Cloud - updating domain name / SSL certificate
                                    sawhat

                                    Yes you are correct and i stated the same in my post. Note: if you go that route you must use Hash verification. Domain contact verification will of course fail because FileMaker owns the domain. I used this process for my installation and then after the fact set up a sub-domain i own to refer to my xxx.filemaker-cloud.com installation for my own convenience. You will get a warning when you access the sub-domain but can choose to ignore the warning and save your choice so subsequent attempts bypass the warning.

                                    1 of 1 people found this helpful
                                    1 2 Previous Next