You're running Mac OS Server?
I'm curious about this issue as well. I just installed FMS (trial) on Mac Server Sierra and from all the problem postings I've read here about FMS+certificates, it certainly sounds like getting FMS to correctly (or at all) import Server certificates is problematic. Maybe this is just related to Mac OS Server?
Regardless, if you have a functioning certificate for your Mac Server that's recognized by a browser as being legitimate and is thus properly set up, but you can't import it into FMS, that seems to me like a bug (in FMS) and you should report it.
Please update this thread with any updates.
Does Get ( HostName ) return the expected host name as it appears on the certificate?
I deleted a previously saved certificate in keychains on the client and this seems to resolve the issue. I will do further testing.
FMI does keep improving the SSL process with each version and they seem very surprised that anyone has any sort of trouble. They seem to think it is a foolproof system. This is a piece of FMS that they seem to take seriously and have actively engaged with those having issues in order to improve the process. It is fairly simple and once you understand how FMS wants it done you get it. However, many installs will be the only time this gets done by a single individual and that makes the process seem difficult.
They have been improving the process since v14, but there are still a lot of people having issues. I would like to say that 80% of the problems that people have could be solved with proper documentation. FM support is not extremely helpful and eventually they will get you there with some long phone calls. The FM support route is to reinstall a fresh OS and FMS and rekey a certificate for the fresh install. This is actually not difficult to do and I would recommend it to anyone with an issue. The fact that FMI relies heavily on this community to support these kinds of issues is interesting.
Most of the issue is also with the movement from "Please use SSL" to "You really need to be using SSL for FMS to function fully." Making SSL mandatory to avoid the nasty insecure connection warnings put the process in the hands of every install and not just those that choose to use it. Plenty of people installing SSL on LAN without a DNS server and still getting insecure warnings and wondering why. Not enough documentation.
With FM16 I know that I reported SSL problems including the name mismatch early, but I guess they were not prepared to make changes or evaluate this before release.
FMI tends to lean on the "You are not doing it correctly" idea rather than the "We did not make it really clear how this works" idea. They might be forgetting that a lot of people running FMS are not "network" people. The fact remains that people are having issues. I certainly hope they get it sorted in the next version.
The other 20% that are issues are those doing deployments that are not normal and need special consideration.
Hopefully TSGal continues to make sure these threads on SSL install problems continue to make it to the proper departments.
I agree with you. But they ought not make SSL required. If your server is not on the internet, there's no reason to go through the expense and hassle of SSL certificates.
Thank you for your comments and perceptions. I have sent your post to the FileMaker Server Product Manager, the Testing Manager for FileMaker Server, and the lead Support Technician for FileMaker Server.
Looking through your case history for calls into Technical Support, I could not find a record pertaining to SSL. Do you remember approximately when you talked to Technical Support about SSL? I will follow up with the Support Technician.
SSL is not required. I have access to several FileMaker Server machines, and most do not have a certificate as SSL is not turned on. Those machines without a certificate are only available on our local area network.
SSL is not required, but users get a lot of warnings reminding them the connection is not secure and many people get scared by that. Scaring users or making them feel unsafe is not a good idea. Yes you can always allow connection in FMP/Go and skip the messages in the future, but the idea is always there and lingering.
When connecting with a FileMaker Pro Advanced 16 Client, the certificate shows as not valid. (Host name mismatch.)
Is the client connecting via the FQDN registered on the certificate or via the IP address or some other DNS name?
E.g. if the certificate is registered for server.yourcompany.com.au then the client needs to use that address in the "Open remote" dialogue box or have that address in the "External Data Sources" in FileMaker.
If the client instead is entering localhost or 192.168.0.10 or server.yourcompany.local etc., then it won't work; the address used to access the server must be the same as the certificate.
This occurred when opening from the Launch Center, where I was presented with the FQDN.
I got that message when I tried connecting with the IP address and approved connections to that IP address. Subsequently I connected with the FQDN and the security icon showed the warning. After deleting the certificate in keychain, the problem went away, leading me to believe that the local certificate was caching the mismatched name.
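
Added example (not part of the thread and not FileMaker's own code): a sketch of the host name check a TLS client applies, run over the addresses mentioned in the replies above. The certificate dict is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, the function names are hypothetical, and only subjectAltName entries are consulted.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the host name is the one used as an example in the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "server.yourcompany.com.au"),),),
    "subjectAltName": (("DNS", "server.yourcompany.com.au"),),
}

def _dns_match(pattern, host):
    """Compare one DNS SAN entry with a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the entire left-most label.
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def cert_matches(cert, address):
    """Return True if `address`, as typed by the client, is covered by the cert."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with "IP Address" entries, never DNS names,
        # so a cert issued for the FQDN alone cannot validate a connection by IP.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, address)
               for kind, value in sans)

def check_addresses(cert, addresses):
    """Map each candidate address to whether the certificate covers it."""
    return {addr: cert_matches(cert, addr) for addr in addresses}

if __name__ == "__main__":
    tried = ["server.yourcompany.com.au", "SERVER.yourcompany.com.au",
             "localhost", "192.168.0.10", "server.yourcompany.local"]
    for addr, ok in check_addresses(SAMPLE_CERT, tried).items():
        print(f"{addr:30} {'match' if ok else 'host name mismatch'}")
```
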