Are we able to finally use let's encrypt ssl cert's with FM 16 server and clients, or are we still forced to use a purchase cert?
You should stay with the companies that FMI allow
I guess what I'm asking is if Let's Encrypt is now included in that list.
Simple answer NO
I you wanna bring this forward as a Feature Request (Product Idea), please post link here.
I have been using Server 15 with Lets Encrypt cert for around a year (+/- a few months) now with no issues.
I have used client versions 14, 15, and 16 with with this setup.
Only complaint I have is that you can't use Server admin console to create or renew and then automatically install the Cert.
That would be an awesome feature!
Johan Hedman wrote: Simple answer NOhttp://help.filemaker.com/app/answers/detail/a_id/14176
Johan Hedman wrote:
They dropped Digicert? Am I wrong in perceiving that they no longer list any wildcard certificates under 'tested certificates'?
In that article, step #4 in creating the CSR:
How to use Free Let's Encrypt SSL Certificates with FileMaker Server:
I had installed Let's Encrypt certificates on 4 servers (2 Windows Server 2012 R2 and 2 Mac Minis) running the latest FMS15 in May. I upgraded all of them end of May early June to FMS16 and imported the certificates. Everything was running just fine and using FMPA16 I was getting the Green lock. Also everyone with FMP 14.0.5 and up would access the server just fine.
I had to renew now the certificates and did the process for all of them. On WebDirect and Admin Console I have no problems. BUT with FMPA 15 and 16 I get the warning that it can't verify the identity. While clicking to view the certificate, it shows all Green and valid just like in the browser. I also discovered that no FMP14 user can access the servers now.
For one server I even completely deleted the previous certificate and redid the whole process with new certificate request all over again. The result is the same. By the way all servers run 16.0.1, I haven't updated them to 16.0.2 just yet.
By the way I am well aware that Let's Encrypt certificates are not tested as supported but I am wondering if anyone has had the same or similar issue to help me out.
velistar wrote: By the way I am well aware that Let's Encrypt certificates are not tested as supported but I am wondering if anyone has had the same or similar issue to help me out.
Is the cost of one supported wildcard cert more than the cost of the lost time & time spent troubleshooting? Hard to imagine.
If you need support from FMI I can pretty much guarantee it will be the first thing they ask you to remove before doing more helping. So why even bother?
wimdecorte wrote: Is the cost of one supported wildcard cert more than the cost of the lost time & time spent troubleshooting?
Is the cost of one supported wildcard cert more than the cost of the lost time & time spent troubleshooting?
How many hours have you spent trying to get it to work?
Go Daddy had them for $50 - $260/yr.
The side effect of a free SSL cert is often that they don't do any actual verification to make sure the domain belongs to the server you are using. I've seen site spoof others' servers using an unverified SSL cert.
Yep, that's why it is called "Let's Encrypt" and not "Let's Verify". Encryption is just part of the value of an SSL cert. "Let's Encrypt" certs have been used for some very shady purposes which is why their reputation is not stellar.
Interesting update on my earlier post.
First of all one of the two Mac Mini servers didn't have a certificate earlier so I created a completely new one, which works just fine.
Secondly, I made an update to 16.0.2 on all four servers. The Let's Encrypt certificate comes out nice and green for both MacMinis but still its an issue for the Windows servers. It shows the warning but the details of the certificate are shown as Valid.
I do understand that Let's Encrypt is not a recommended CA but what about any others that are also not listed as supported but paid for? Where exactly is the security if FileMaker doesn't prohibit using other CAs but browsers are just fine with them?
Still it's interesting to hear from others that have tried and used Let's Encrypt if they have similar issues or more importantly found solutions.
Retrieving data ...