26 Replies Latest reply on May 27, 2017 6:54 AM by fmpdude

    FMS 16 GoDaddy SSL Cert

    taylorsharpe

      Yesterday I upgraded my FileMaker Server from 15 to 16.  All went well including buying and installing a GoDaddy Standard SSL.  It worked just fine and the clients showed the green icon and (in 16) could click on it and see the cert is valid, etc.  I tried 15 and 16 FMP/A's and all worked fine, so I was quite happy.  Then today, the clients are getting this SSL warning.  Note that it says the SSL is invalid and can't be verified.  However, if you click on the "View Certificate", then it shows that "This certificate is valid".  See below where I've connected from the remote desktop Launch Center. 

       

      Is it possible that the cert didn't load the full chain or FileMaker chose to not trust GoDaddy root?  Any suggestions?

       

      SSL.png

        • 1. Re: FMS 16 GoDaddy SSL Cert
          bigtom

          FM16 SSL verification issues.

           

          More people with same/similar issue. I fixed it with a FMS reinstall, new request, rekey, load cert and intermediate, restart service.

           

          Let us know how it goes.

          • 2. Re: FMS 16 GoDaddy SSL Cert
            taylorsharpe

            Thanks for the link, Tom.  Yep, found the same situation here that you need the intermediate crt file too.  Lesson learned.  Thanks!

            • 3. Re: FMS 16 GoDaddy SSL Cert
              CarlSchwarz

              Oh dear, I've been installing Godaddy to 15 without the intermediate crt!  Thanks for the heads up taylorsharpe bigtom

              • 4. Re: FMS 16 GoDaddy SSL Cert
                taylorsharpe

                CarlSchwarz wrote:

                 

                Oh dear, I've been installing Godaddy to 15 without the intermediate crt! Thanks for the heads up taylorsharpe bigtom

                The frustrating thing is that it will happily import without the intermediate crt file and tell you it was successful and to restart the server.  So you think all is good when it isn't. That is what got me. 

                • 5. Re: FMS 16 GoDaddy SSL Cert
                  bigtom

                  16 is the first version that gave me a problem not using the intermediate cert. Strange that only fmapp clients on 5003 get the error.

                  • 6. Re: FMS 16 GoDaddy SSL Cert
                    David.Wolfe

                    I posted this to FMForums.com but I see that there is a similar thread here.  Looks like the issue I'm seeing isn't unique.  Here's what I posted to FMForums...

                     

                    Trying to get our FM16 server happy with ssl since it's more gripey about that sort of thing now.  Our company has a proper public wildcard cert purchased via Network Solutions.  I have the private and public keys separated out for easy access and the intermediate certs for the CA.

                     

                    I am able to install the certs in the FM server console without issue but I only seem to be able to specify the first CA intermediate cert - "...OV Server CA 2" in the attached screenshot.  I have tried following the chain concatenation instructions here: https://help.filemaker.com/app/answers/detail/a_id/11413/

                     

                    I have had to concatenate certs into a single file before for other apps so it's a familiar thing for me.  But, no matter what order I concatenate the chain certs into a single file the FM16 console isn't happy with it.  Always says it can't import the "...OV Server CA 2" cert.  So, I have tried specifying just the "...OV Server CA 2" cert as the intermediate and I have even tried configuring the cert options without any intermediate and just referenced the private and public keys.  Those imports work... however...

                     

                    When I connect to the server with the full FM16 client, I get the warning that 'FileMaker Pro can't verify the identity of "host.server.com:5003" '

                     

                    When I view the cert presented on that warning dialog, it seems clean.  No host name warnings, no untrusted intermediary, all good.  I can continue on with the connection but the lock icon is red which is annoying.

                     

                    So the question is...  How do I figure out what the fat client is unhappy with?  Heck, the cert chain thing may not even be related to this issue with the fat client.  Could just be a red herring.

                     

                    Any clues?

                    Thanks all.

                     

                    P.S. Connecting via WebDirect in a browser goes cleanly.  The cert is presented by FMS and the browser is happy with it so again, not sure why the fat client isn't happy.

                     

                    -David

                    • 7. Re: FMS 16 GoDaddy SSL Cert
                      David.Wolfe

                      Well of course after I post the first message I tinker around and get my solution a few minutes later.  Manually installing all of the intermediate certs to the Local Computer - Trusted Root Certification Authorities store has made the fat client happy.  Not sure why a browser is happy with the cert without that manual action but the fat client isn't.  But, anyway, that's a way of dealing with it for now.

                      • 8. Re: FMS 16 GoDaddy SSL Cert
                        ecallaghan

                        This is driving me insane. I created a CSR - bought an SSL with go daddy and downloaded the cert - 2 files. Each time I try and import in the admin console I get "Certificate could not be imported: The private key file already exists. Please remove it and run the command again." The Private Key File is the one found in CSTORE but I have also tried with the one I downloaded when creating the CSR initially and tried removing the one from CSTORE and running it again - same problem. I have checked folder permissions are RW - nothing is working!!! GRRRR

                         

                        can you assist wimdecorte

                        Screen Shot 2017-05-12 at 15.51.34.png

                        • 9. Re: FMS 16 GoDaddy SSL Cert
                          JaredHague

                          In that image the Intermediate Cert is wrong.  It's a publicly available cert.  I was having the same issue and the intermediate cert was posted in another thread.

                          FM16 SSL verification issues.

                          • 10. Re: FMS 16 GoDaddy SSL Cert
                            ecallaghan

                            Thank you - this will be my 3rd Re key and CSR -

                            • 11. Re: FMS 16 GoDaddy SSL Cert
                              bigtom

                              The serverKey file in cStore is the one you should select when importing the private key. Yes, it's already there, but needs to be imported.

                               

                              FMI keeps saying this process is so easy in the admin panel but importing a file that is already at the destination is certainly not intuitive.

                              • 12. Re: FMS 16 GoDaddy SSL Cert
                                ecallaghan

                                Yeah - have tried that and tried without an intermediary and always get Private Key file exists please remove it and run the command again. I'm downloading the crt for 'Other' type of file server from Go Daddy - Also tried with the intermediary suggested above

                                Screen Shot 2017-05-12 at 16.38.07.png, Screen Shot 2017-05-12 at 16.45.49.png, Screen Shot 2017-05-12 at 16.47.04.png, Screen Shot 2017-05-12 at 16.38.40.png

                                • 13. Re: FMS 16 GoDaddy SSL Cert
                                  Mike Duncan

                                  For godaddy, you can get the intermediate cert here:

                                   

                                  http://certificates.godaddy.com/repository/gdig2.crt

                                  • 14. Re: FMS 16 GoDaddy SSL Cert
                                    sibrcode

                                    It used to be common to not need intermediate certs, and that may even still be the case, but rarely. I believe this was somehow related to making it harder to spoof a certificate.
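An added example, not written by any poster in this thread: it reproduces the symptom discussed above, where a certificate looks valid on its own but cannot be verified because the intermediate is missing from what the client receives. It builds a constructed three-level lab PKI with `openssl`; all file names, subject names and the host name `fms.example.test` are made up for the illustration.

```shell
#!/bin/sh
# Constructed lab PKI (root -> intermediate -> leaf); every name here is made up.
set -eu
cd "$(mktemp -d)"

cat > ext.cnf <<'EOF'
[ca]
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
[leaf]
basicConstraints=CA:FALSE
subjectAltName=DNS:fms.example.test
EOF

# mkcsr <name> <common-name>: new key pair plus signing request
mkcsr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
# sign <name> <issuer> <ext-section>: issue <name>.pem using <issuer>'s key
sign() {
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -days 30 -extfile ext.cnf -extensions "$3" -out "$1.pem" 2>/dev/null
}

mkcsr root "Lab Root CA"
openssl x509 -req -in root.csr -signkey root.key -days 30 \
  -extfile ext.cnf -extensions ca -out root.pem 2>/dev/null
mkcsr int "Lab Intermediate CA"; sign int root ca
mkcsr leaf "fms.example.test"; sign leaf int leaf

# What a client sees when the server sends only its own certificate.
verify_leaf_only() { openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1; }
# Same leaf, with the intermediate supplied as an untrusted helper certificate.
verify_with_intermediate() {
  openssl verify -CAfile root.pem -untrusted int.pem leaf.pem >/dev/null 2>&1
}
# Number of certificates in a PEM bundle.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Order a TLS server sends: leaf first, then the intermediate; the root stays
# in the client's trust store.
cat leaf.pem int.pem > fullchain.pem

if verify_leaf_only; then echo "leaf alone: verified"
else echo "leaf alone: NOT verified (issuer missing)"; fi
if verify_with_intermediate; then echo "leaf + intermediate: verified"
else echo "leaf + intermediate: NOT verified"; fi
echo "certificates in fullchain.pem: $(count_certs fullchain.pem)"
```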
