1 Reply Latest reply on May 12, 2017 1:10 AM by CICT

    How to create new csr before old certificate expires?



      • I have an existing certificate (GeoTrust QuickSSL) on FMS15 due to expire.
      • The existing certificate is no longer supported by FM so I bought a new, supported certificate (Comodo EV SSL).
      • Authorizing the new certificate can take up to 10 days.
      • Using the FM admin-console Create Request... command will overwrite the existing cStore files



      • I can't delete the existing certificate on a server that is in use until the new certificate is authorized and ready to be installed. How do I create a new csr using the Create Request... command without it deleting or overwriting the existing cStore files (i.e. the current certificate)?


      Perhaps I am missing something obvious. Any advice is appreciated.


      Thx in advance,

      - doug

        • 1. Re: How to create new csr before old certificate expires?

          I believe this is the procedure we've been using since v15 was released (this is using a wildcard certificate, but I don't believe that should affect anything and references below are for Windows, hence 'Notepad', 'Program Files', etc AND please remember we don't have permissions issues on Windows, if you're a Mac user, you may wish to wait for someone else to post):


          We've generated our certificate using the vendor's online CSR generation tool


          Copy the certificate request (CSR) text into Notepad and save as serverRequest.pem


          Copy the Private Server Key text into Notepad and save as serverKey.pem


          Copy the Web Server Certificate into Notepad and save as a .cer file, call it Server Certificate.cer


          Copy the Intermediate Certificate into Notepad and save as a .cer file, call it Intermediate Certificate.cer


          Backup your current cStore certificate related files


          Copy to Program Files\FileMaker\FileMaker Server\CStore\




          Copy the Server Certificate.cer and Intermediate Certificate.cer files to Documents or similar


          (if following already setup, skip to 'Import Certificate' below)

          In Server Admin, click Database Server


            Restrict access to databases per user

            Select 'List only the databases each user is authorised to access'

            Click 'Save'


            SSL Connecctions

            Click 'Use SSL for database connections'

            Click 'Save'


            Progressive Downloading

            Click 'Use SSL for progressive downloading'


            Click 'Save'

            Ignore restart server messages, as we'll be doing this shortly


            Click 'Import Certificate'

            Signed Certificate File

            Click 'Browse'

            Select 'Server Certificate.cer' from 'Documents'

            Click 'Open'

            'Intermediate Certificate File'

            Click 'Browse'

            Select 'Intermediate Certificate.cer '

            Click 'Open'

            Private Key File:

            Click 'Browse'

            Navigate to Program Files\FileMaker\FileMaker Server\CStore\serverKey.pem

            Click 'Open'

            Private Key Password:

          Usually left blank

            Click 'Import'


            A red 'Certificate imported successfully' should appear


          We restart the complete server to fulfil FileMaker Server restart requirements, but should be able to just restart FMS


          When restarted, log into the admin console using:


            View the certificate, which should be valid


          Perhaps not the most official way to do it, but it has helped us use the same certificates across different servers and between IIS and FileMaker Server Master and Worker servers in a 2-server deployment and a convenient way to update the current certificate.


          Hope this helps