12 Replies Latest reply on May 29, 2017 12:39 PM by PointInSpace

    FM16 SSL verification issues.

    bigtom

      In my testing of FMS 16 I have run across an issue with FMP16 and FMPA 16 clients. These show an SSL verification warning for host name mismatch and will only connect with the orange lock. When I view the certificate I see the host name is correct. Get(ConnectionState) returns 2.

       

      FMGo16, 15 & 14 Connect with green lock, no warning. FMP/FMPA 15 & 14 connect with green lock no warning. WedDirect connects with green lock. Get(ConnectionState) returns 3 for all these clients. FMS116 DATA API verifies the cert without issue. Note that FMP/FMPA16 shows green lock when connecting to upload files to server.

       

      This is an odd one and I cannot figure it out. Same server. Re-keyed certificate and same issue. Any ideas?

        • 1. Re: FM16 SSL verification issues.
          Mike Duncan

          Hi Tom,

           

          You may need to include the intermediate cert on FMS. This worked for me, then all supported clients got connected without issue.

           

          Thanks
          Mike

          4 of 4 people found this helpful
          • 2. Re: FM16 SSL verification issues.
            bigtom

            Mike Duncan wrote:

             

            You may need to include the intermediate cert on FMS. This worked for me, then all supported clients got connected without issue.

             

             

            Did a full FMS reinstall and included the intermediates as well and all is good now. Thanks.

            • 3. Re: FM16 SSL verification issues.
              dtcgnet

              By the "intermediate cert" from GoDaddy, do you mean the gd_bundle-g2-g1.crt file?

               

              I've encountered the same issue that bigtom experienced. I redid the "Import Certificate" step, and this time used the other file from GoDaddy, the gd_bundle as the intermediate file, and the server key. I got the message that the certificate had been imported. I logged out and restarted the service, but I'm still getting the orange lock icon when I open files using FM Pro. If I click on the icon, I get the message that the certificate is valid. Additional info: my server is a VM on AWS.

               

              Ideas?

               

              Funny Lock but Valid Cert.tiff

              1 of 1 people found this helpful
              • 4. Re: FM16 SSL verification issues.
                Mike Duncan

                For godaddy, you can get the intermediate cert here:

                 

                http://certificates.godaddy.com/repository/gdig2.crt

                3 of 3 people found this helpful
                • 5. Re: FM16 SSL verification issues.
                  dtcgnet

                  Thank you very much. I copied the information and saved that file as gdig2.crt.

                   

                  On my AWS server, I clicked Import Certificate. I used the file named with a bunch of letters and numbers as the Signed Certificate file. I used my server key for that. I used gdig2.crt as the Intermediate certificate. I received a success message. I logged out of the admin console, went to services, and restarted the FileMaker Server service. I quit FMP on my Mac, reopened, and went to "Open Remote". I'm still getting the orange icon even though when I click on it I'm told the certificate is valid.

                   

                  I did NOT do a whole new re-install of FMS (which bigtom did do).

                   

                  Any other thoughts?

                  1 of 1 people found this helpful
                  • 6. Re: FM16 SSL verification issues.
                    bigtom

                    I uninstalled FMS, reinstalled, new Certificate request, re-keyed the cert and used the new crt for the certificate and the bundle as the intermediate and the serverKey in cStore as the key file. Save, restart and it was working properly.

                     

                    You may be able to succeed with this process without the FMS reinstall.

                    • 7. Re: FM16 SSL verification issues.
                      dtcgnet

                      Got my green lock icons! Thanks much, Mike and bigtom.

                       

                      Adding the intermediate certificate is definitely something that needs to be done.

                      1 of 1 people found this helpful
                      • 8. Re: FM16 SSL verification issues.
                        ketil

                        Puuuuh! After two days of desperate trying and retrying I found this conversation. I downloaded the intermediate certificate from GoDaddy, imported it –  and now the little green icons are smiling at me:-). Thanks a lot!

                        2 of 2 people found this helpful
                        • 9. Re: FM16 SSL verification issues.
                          obospieler

                          I agree with the group on this.  You will need to install the intermediate cert on FMS.  This is very deceiving as FM 15 did not require this.

                           

                          Alos, when you unpackage the ZIP file from GoDaddy containing the two files, one looks like it should be the intermediate SSL but it is not.  I would encourage you to use the generic one that GoDaddy provides on their support site (link below).

                           

                          gdig2.crt (pem)

                          • 10. Re: FM16 SSL verification issues.
                            bigtom

                            I used the additional file provided in the download as the intermediate and the install went well and all is working on multiple installs.

                             

                            What is this file if it is not the intermediate cert?

                            • 11. Re: FM16 SSL verification issues.
                              obospieler

                              I have no idea.  The additional file has never worked for me as an intermediate SSL Cert.  I'm happy to be wrong about this as it makes sense.  It just hasn't been my experience.

                              • 12. Re: FM16 SSL verification issues.
                                PointInSpace

                                That is the intermediate certificate file, and has always worked for us.

                                 

                                - John

                                1 of 1 people found this helpful