1 Reply Latest reply on May 12, 2017 1:10 AM by CICT

    How to create new csr before old certificate expires?

    dkb

      BACKGROUND

      • I have an existing certificate (GeoTrust QuickSSL) on FMS15 due to expire.
      • The existing certificate is no longer supported by FM so I bought a new, supported certificate (Comodo EV SSL).
      • Authorizing the new certificate can take up to 10 days.
      • Using the FM admin-console Create Request... command will overwrite the existing cStore files

       

      PROBLEM

      • I can't delete the existing certificate on a server that is in use until the new certificate is authorized and ready to be installed. How do I create a new csr using the Create Request... command without it deleting or overwriting the existing cStore files (i.e. the current certificate)?

       

      Perhaps I am missing something obvious. Any advice is appreciated.

       

      Thx in advance,

      - doug

        • 1. Re: How to create new csr before old certificate expires?
          CICT

          I believe this is the procedure we've been using since v15 was released (this is using a wildcard certificate, but I don't believe that should affect anything and references below are for Windows, hence 'Notepad', 'Program Files', etc AND please remember we don't have permissions issues on Windows, if you're a Mac user, you may wish to wait for someone else to post):

           

          We've generated our certificate using the vendor's online CSR generation tool

           

          Copy the certificate request (CSR) text into Notepad and save as serverRequest.pem

           

          Copy the Private Server Key text into Notepad and save as serverKey.pem

           

          Copy the Web Server Certificate into Notepad and save as a .cer file, call it Server Certificate.cer

           

          Copy the Intermediate Certificate into Notepad and save as a .cer file, call it Intermediate Certificate.cer

          ----

          Backup your current cStore certificate related files

           

          Copy to Program Files\FileMaker\FileMaker Server\CStore\

            serverKey.pem

            ServerRequest.pem

           

          Copy the Server Certificate.cer and Intermediate Certificate.cer files to Documents or similar

          -

          (if following already setup, skip to 'Import Certificate' below)

          In Server Admin, click Database Server

            Security

            Restrict access to databases per user

            Select 'List only the databases each user is authorised to access'

            Click 'Save'

           

            SSL Connecctions

            Click 'Use SSL for database connections'

            Click 'Save'

           

            Progressive Downloading

            Click 'Use SSL for progressive downloading'

           

            Click 'Save'

            Ignore restart server messages, as we'll be doing this shortly

          -

            Click 'Import Certificate'

            Signed Certificate File

            Click 'Browse'

            Select 'Server Certificate.cer' from 'Documents'

            Click 'Open'

            'Intermediate Certificate File'

            Click 'Browse'

            Select 'Intermediate Certificate.cer '

            Click 'Open'

            Private Key File:

            Click 'Browse'

            Navigate to Program Files\FileMaker\FileMaker Server\CStore\serverKey.pem

            Click 'Open'

            Private Key Password:

          Usually left blank

            Click 'Import'

           

            A red 'Certificate imported successfully' should appear

           

          We restart the complete server to fulfil FileMaker Server restart requirements, but should be able to just restart FMS

           

          When restarted, log into the admin console using:

            https://server.domain.name:16000

            View the certificate, which should be valid

           

          Perhaps not the most official way to do it, but it has helped us use the same certificates across different servers and between IIS and FileMaker Server Master and Worker servers in a 2-server deployment and a convenient way to update the current certificate.

           

          Hope this helps

          Andy