15 Replies, latest reply on Jun 5, 2017 8:46 AM by Datagrace

    Configuring Filemaker Server 16 with GoDaddy Certificate

    JulianJohnson

      Hi All,

       

      I'm struggling to get a Filemaker Server 16 installation to use a certificate from GoDaddy. I'm sure it's something I'm doing but can't find any instructions that seem to match the options that FM and GoDaddy offer.

       

      What I've done so far:

      • I've been to the Admin Console>Database Server>Security and checked SSL. Then selected Create Request.

      • I put in our domain name (not the FQDN, so not server.domain.com but used domain.com), company name and password.

      • I generated and downloaded the serverRequest.pem file.

       

      • I then went to GoDaddy and pasted the contents of the serverRequest.pem file into the new certificate window and waited for them to approve it.

      • I chose server = other and downloaded the certificate from GoDaddy and received a zipped folder containing two files: one with a load of letters/numbers as the name and one called gd_bundle-g2-g1.

      • I then went back to the Admin Console and clicked Import.

       

      I've then tried the following to get it to work:

      • Selecting the downloaded file with all the letters and numbers as the certificate file.

      • Selecting the gd_bundle-g2-g1 file as the intermediate file and not selecting it.

      • Concatenating the contents of the two files into one called chain.pem and using that as the certificate file.

      • Entering the password that I used when creating the serverRequest file in the first place.

       

      Initially I get a message telling me that the serverRequest.pem file already exists, so I have removed that from the CStore folder; I still get the message.

      I've also tried removing the serverKey.pem file from the CStore folder; that seems to resolve that issue.

      However, I then get a message telling me that the password doesn't match the one I used when generating the request; however, I know it does and have done the whole process three times.

       

      I've also tried it on the Admin Console running on a remote Mac here and also by RDC onto the server itself and doing the whole process there.

       

      For info, it's Filemaker v16, running on Windows Server 2012 R2 on an AWS EC2 Instance.

       

      I don't know what on earth to try next! Has anyone had this working and are there any tricks that hopefully don't involve command line type stuff?

       

      Thanks in advance for any help......

       

      Kind Regards

      Jules

        • 1. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
          wimdecorte

          You'll have to start by getting a different SSL cert. It has to be for the FQDN of your server or for a wildcard.

           

          So not 'domain.com' but

          someserver.domain.com

          or

          *.domain.com

           

          The process you did for getting GoDaddy to generate the cert is correct.

          Once you get the files you'll have: one cert file, one intermediate file

           

          You'll have to import both of them using the admin console.  No need to concatenate them; that's only needed for the FM Cloud version of FMS, not for the full version of FMS that you are working with.

          • 2. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
            JulianJohnson

            Thanks very much for this.

             

            I created a new certificate using the FQDN of the server. However, I get the same issue still unfortunately.

             

            With the serverKey.pem file in the CStore folder I get a message saying that the private key file already exists. If I move the serverKey.pem file out of the Store folder I get a message saying it can't decrypt the private key file with the password.

             

            It's all a bit strange and frustrating. I'm sure I'm doing something wrong....

             

            Thanks Again...

            Jules

            • 3. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
              JulianJohnson

              One thing I would add, is that it was regionally set up using the Filemaker Test Certificate. That's still installed so I'm wondering if that needs removing first, although I have no idea how to do that.

               

              Thanks

              Jules

              • 4. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                Datagrace

                Wim, I'm struggling with a similar problem, although the certification installation on FMS appears to succeed. But when I log in from a client, I get an error stating the domain names ('datagracebox.biz') don't match. GoDaddy tech support tells me I need to point the DNS to the server (so it's publicly available via the domain name), but I've never heard that.

                 

                This is a Standard SSL.

                 

                Where can I see where the names are mismatched, and how can I tell FMS16 that it has a domain? This is a Mac.

                 

                Thank you, and don't mean to hijack Julian's thread.

                 

                John

                • 5. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                  wimdecorte

                  Client in this case is FMP?  If so, when you inspect the cert with FMP does it look like it is correct?

                  How does the client connect?  A shortcut or through 'open remote' by selecting the visible FQDN of that server?

                  What happens if you use a favorite to that server using the FQDN?

                   

                  Is this FMS16?  If so: did you import the intermediate cert from the wizard?  (FMS16 seems to require the intermediate).

                  • 6. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                    Datagrace

                    FMP, WD, Data API via Postman. When viewed from FMS console, the cert looks correct. When viewed from client, 'This certificate is not valid (host name mismatch)' is displayed in red. Connections have been direct-- Open Remote/IP address/filename on the LAN or WAN, or similar from a browser or API client. I didn't have a FQDN until I set up the SSL, but, other than the names of the domains being the same in the request and cert (I think, since they are scrambled), there's no other connection between the FQDN and the server.

                     

                    Yes 16, yes I used wizard, but what's the intermediate cert? The request? If so, yes. Using the wizard generated 2 files in CStore-- serverKey.pem and serverRequest.pem.

                    • 7. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                      bigtom

                      Datagrace wrote:

                       

                      FMP, WD, Data API via Postman. When viewed from FMS console, the cert looks correct. When viewed from client, 'This certificate is not valid (host name mismatch)' is displayed in red. Connections have been direct-- Open Remote/IP address/filename on the LAN or WAN, or similar from a browser or API client. I didn't have a FQDN until I set up the SSL, but, other than the names of the domains being the same in the request and cert (I think, since they are scrambled), there's no other connection between the FQDN and the server.

                       

                      Yes 16, yes I used wizard, but what's the intermediate cert? The request? If so, yes. Using the wizard generated 2 files in CStore-- serverKey.pem and serverRequest.pem.

                       

                      The intermediate cert is the second file in the GD SSL download file, something like  gd_bundle-g2-g1.crt.

                       

                      When you get the mismatch error there is an option to view the certificate. This is where you confirm the FQDN is correct in the certificate, not the encrypted key or request.

                       

                      Did you add a subdomain for the server FQDN? If the domain is registered with GD you do this in the Domain management and add a record to the DNS zone file. Add an "A" record for your subdomain and add the WAN IP address of your FMS. The process is essentially the same for all registrars and DNS management tools like Cloudflare if you use them.

                       

                      Unless you have a DNS server setup on LAN you will likely continue to get the error. I would suggest you test via WAN first and then deal with LAN later if needed.

                       

                       

                      • 8. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                        bigtom

                        Julian Johnson wrote:

                         

                        Thanks very much for this.

                         

                        I created a new certificate using the FQDN of the server. However, I get the same issue still unfortunately.

                         

                        With the serverKey.pem file in the CStore folder I get a message saying that the private key file already exists. If I move the serverKey.pem file out of the Store folder I get a message saying it can't decrypt the private key file with the password.

                         

                        It's all a bit strange and frustrating. I'm sure I'm doing something wrong....

                         

                        Thanks Again...

                        Jules

                        Unfortunately the documentation on this process is not very good and it can be confusing if you do not grasp what is happening. FMS also seems to be happier when you generate a new request and rekey with GD rather than using the same files for another import to resolve an issue with the process.

                         

                        If possible I would suggest reinstalling FMS as a fresh start point. It looks like you have the process figured out but you are getting stuck with previous files in the cStore folder and not knowing which to keep and which to remove. I recall FMS asks if you want to remove the old files at some point and does it for you after rekeying the certificate and installing a new certificate.

                         

                        I am half tempted to make a video or document detailing how this gets done as many people are having trouble.

                         

                        You do need a DNS entry pointing the FQDN to the FMS. Do you need help with that?

                        • 9. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                          wimdecorte

                          A couple of things:

                           

                          1) once you have the cert installed; all connections to the hosted files must be done through the server's FQDN name.  When you use the IP then the connection will not be secured and you'll get warnings.

                           

                          2) the intermediate cert is provided by GoDaddy, it should have been in the download they gave you but you can download it separately from their website.  The intermediate cert establishes the chain-of-trust from your cert to the issuer.  It is not one of the pem files that is created by FMS.

                          2 of 2 people found this helpful
                          • 10. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                            Datagrace

                            Thank you, Wim. I've re-installed the cert, this time with the intermediate cert. This dev server is on my LAN, and I just bought the domain this morning, and it hasn't resolved yet. I'll post back tomorrow with an update.

                            • 11. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                              Datagrace

                              Still getting the error on a LAN connection, but I cannot see any mismatch when I open the error pane, nor anything that's editable. This is after re-installing the cert with the intermediate cert. There's no subdomain, just NAT forwarding for external clients.

                               

                              Agreed that I need the domain working so that I can reliably test externally.

                              • 12. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                                bigtom

                                Datagrace wrote:

                                 

                                Still getting the error on a LAN connection, but I cannot see any mismatch when I open the error pane, nor anything that's editable. This is after re-installing the cert with the intermediate cert. There's no subdomain, just NAT forwarding for external clients.

                                 

                                Agreed that I need the domain working so that I can reliably test externally.

                                You will get an error on LAN unless you have a DNS server for the LAN or you edit the client Mac's "hosts" file and do a restart.

                                 

                                Nothing should be editable when viewing the error info. The good news is that the name mismatch is a "good" error. You have a secure connection, but the domain cannot verify. This is better than not having a secure connection at all. For your LAN you can choose to ignore the error on all future connections.

                                 

                                Adding a sub domain to a domain you already have is usually the easiest way, but if you purchased a new domain and have an SSL cert for that domain it should work. I am assuming you are using the FQDN as www.domain.com and not just domain.com.

                                • 13. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                                  JulianJohnson

                                  Hi There,

                                   

                                  Thanks very much for this. The server is in use so I'm going to try to shut it down tomorrow night and reinstall/try setting the certificate up again.

                                   

                                  I'll keep you posted but thanks for your help so far!

                                   

                                  Kind Regards

                                  Jules

                                  • 14. Re: Configuring Filemaker Server 16 with GoDaddy Certificate
                                    Mike Duncan

                                    For the certificate to work as expected, you need to access it via the domain name on the cert, and not the IP address. For a locally hosted server, you might find it via Bonjour or know the local IP, but those will not use the domain name.

                                     

                                    You might need to configure a local DNS server and set up some internal routing so the domain name works on your local network, or edit the local host file on your machine to make the routing work. Local DNS would work better if you have a laptop and occasionally take it outside your network and still want to access your server via the external network.

                                     

                                    Does that help?

                                    Mike

                                    1 of 1 people found this helpful
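
Added example, not part of any post in this thread and not FileMaker's own code: a simplified version of the name check a TLS client performs, run over the cases discussed above (a certificate for `domain.com` versus the server FQDN, a wildcard certificate, and connecting by IP address). The host names and the IP address `192.0.2.10` are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Compare one DNS name from a certificate with the name the client used."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard covers exactly one left-most label: *.domain.com matches
    # server.domain.com, but neither domain.com nor a.b.domain.com.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def name_matches(connect_to: str, dns_names, ip_names=()) -> bool:
    """True if the address the client connects to is covered by the certificate.

    dns_names / ip_names stand for the certificate's subjectAltName entries.
    """
    try:
        ip = ipaddress.ip_address(connect_to)
    except ValueError:
        return any(_dns_match(n, connect_to) for n in dns_names)
    # An IP literal is only compared with IP entries, never with DNS names.
    return any(ip == ipaddress.ip_address(n) for n in ip_names)

# Constructed cases modelled on the thread (all names are placeholders).
CASES = [
    ("server.domain.com", ["domain.com"]),         # cert issued for the bare domain
    ("server.domain.com", ["server.domain.com"]),  # cert issued for the FQDN
    ("server.domain.com", ["*.domain.com"]),       # wildcard cert
    ("domain.com",        ["*.domain.com"]),       # wildcard does not cover the apex
    ("192.0.2.10",        ["server.domain.com"]),  # Open Remote by IP address
]

def run_cases():
    return [name_matches(host, names) for host, names in CASES]

if __name__ == "__main__":
    for (host, names), ok in zip(CASES, run_cases()):
        print(f"{host:20} vs {names}: {'match' if ok else 'host name mismatch'}")
```

Only the FQDN and wildcard cases match; the bare-domain certificate and the IP connection both produce the host name mismatch reported in the thread, even though the session is still encrypted.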