1 2 Previous Next 22 Replies Latest reply on Jul 7, 2017 10:27 AM by fmpdude

    SSL Certificates that Work in FMS 16

    fmpdude

      I've read the documentation from FMI regarding "accepted" certificates for FMS 16, but don't see any of those few certificates in my provider of choice.

       

      My question, then, is whether anyone has gotten any of these other popular certificates to work:

       

      https://www.namecheap.com/security/ssl-certificates.aspx

       

      --

       

      I need to use a service like NameCheap since they offer DDNS. GoDaddy does not offer DDNS.

       

      Suggestions welcome, of course.

       

      TIA

        • 1. Re: SSL Certificates that Work in FMS 16
          Johan Hedman

          Until FMI release new accepted certificate providers, I always tell my customers to stay with recommended. I know there are other who would say that I am wrong and that there are more out there that works, but what if FM decide to go another way, maybe they won't.

          • 2. Re: SSL Certificates that Work in FMS 16
            fmpdude

            Thanks Johan for your reply.

             

            Since I need to use a service like NOIP.COM or NAMECHEAP.COM for DDNS, it seems like I'm more or less stuck NOT using SSL with FMS due to the few supported SSL certificates.

             

            wimdecorte suggested a way around this issue using VPN in Mac OS Server, which sounds promising, but without a couple screenshots or some step-by-step "do this, do that", I couldn't quite follow how to do what he was suggesting. I'm currently already using VPN and DNS on Mac OS Server so hopefully what he's suggesting, if I can ever figure it out, would be simple to get working...

             

            Thanks again.

            • 3. Re: SSL Certificates that Work in FMS 16
              wimdecorte

              fmpdude wrote:

               



              wimdecorte suggested a way around this issue using VPN in Mac OS Server, which sounds promising, but without a couple screenshots or some step-by-step "do this, do that", I couldn't quite follow how to do what he was suggesting.

               

              The idea is this:

              - when the user establishes a VPN connection they are assigned a local IP address (and DNS server address) from your local network

              - when they now make requests for a certain FQDN, the DNS server on your network will handle them first before handing off up the chain

              - so in your DNS server you add the necessary A records for you FMS, mapping it to whatever FQDN you want it to have

              - you buy and install the SSL cert to cover the same domain on your FMS

              - when the user now uses that FQDN in FM's Open Remote, the request will go to your DNS server, that DNS servers sees it has an A record and will direct the traffic to your local FMS, the name on the request will match the name on the SSL cert and you will get a green lock in FMP/FM Go/WebD

               

              When I set something up like this I typically use a domain name that is not in any public DNS so that there is no confusion.

               

              Here's an example of my DNS server.  Since i have quite a few FMSes here that I test with, a wildcard cert makes sense for me (my SSL cert covers *.connectingdataoffice.com).  The DNS server is set up to only provide lookup for clients of my network.

               

              2017-07-07_06-51-25.png

               

              2017-07-07_06-52-05.png

              1 of 1 people found this helpful
              • 4. Re: SSL Certificates that Work in FMS 16
                fmpdude

                This is great info.

                 

                This is definitely Youtube material.

                 

                Thanks, Wim.

                • 5. Re: SSL Certificates that Work in FMS 16
                  Mike Duncan

                  You should be able to get a godaddy cert, then set up DNS for that domain name using a CNAME record to point to your no-ip or ddns domain name. This is essentially how FM Cloud works if you set up a custom SSL cert with it, you will need to point a CNAME record to the FQDN you get from FMI when setting it up.

                   

                  There is some further discussion of this here:

                  Dynamic DNS Updates - GoDaddy Community

                   

                  In the end, it is much more advisable to just get a static IP, or host your FM Server in the cloud where you can get a static IP, and not spend time figuring this out.

                   

                  Mike

                  • 6. Re: SSL Certificates that Work in FMS 16
                    fmpdude

                     

                    In the end, it is much more advisable to just get a static IP, or host your FM Server in the cloud where you can get a static IP, and not spend time figuring this out.

                    I agree. Will you then please pay the $300/month for the static IP, router and Comcast Business account for me?

                     

                    Seriously, though, I'm just setting up a testing server. Paying $300/yr for a certificate (not having any actual FileMaker clients) is at the extreme limit of what I'm prepared to spend at the moment.

                     

                    I appreciate your reply.

                    • 7. Re: SSL Certificates that Work in FMS 16
                      fmpdude

                      So, I recently wrote a service to do RegEx from FMP.

                       

                      Now, I've moved that FMP application to FMS.

                       

                      The WebD URL is this: http:/FQDN:9000/fmi/webd/RegEx_SQL.fmp12

                       

                      The (internal) static IP of the network for the FMS server box is 10.0.1.25.

                       

                      How would I set up the A record exactly?

                       

                      Thanks,

                      • 8. Re: SSL Certificates that Work in FMS 16
                        wimdecorte

                        Assuming that we're still talking about the user having a VPN connection into your network: on that first screenshot of mine, click the "+" button under host names, add the FQDN (no port) and add the IP address.

                         

                        You're done.

                        • 9. Re: SSL Certificates that Work in FMS 16
                          wimdecorte

                          fmpdude wrote:

                           

                           

                          In the end, it is much more advisable to just get a static IP, or host your FM Server in the cloud where you can get a static IP, and not spend time figuring this out.

                          I agree. Will you then please pay the $300/month for the static IP, router and Comcast Business account for me?

                           

                          I hear ya, but some of this is (take your pick):

                          - cost of doing business (like your E&O insurance, electricity bill for your servers, memberships,...)

                          - you have to spend money to make money

                          - learning is not free (time and/or money)

                          - ...

                           

                          As Mike indicated: you can just an AWS or MS Azure instance to test all of this.  Stop the instance when you don't need it and you only pay for the usage.

                          • 10. Re: SSL Certificates that Work in FMS 16
                            Mike Duncan

                            You don't set up an A record, you set up a CNAME record, which is like an alias. So it would point mydomain.com to my-dyn-dns-name.com. This is something you could test before purchasing SSL.

                             

                            And $300 a month from Comcast business? Is that outside the US? You can add on a static for around $15 a month on top of their normal rate which was around $70 a month, if I remember right, and that gets you a block of them. At least that is what it was a couple years ago.

                             

                            Mike

                            • 11. Re: SSL Certificates that Work in FMS 16
                              fmpdude

                              Inside the US, after the 2 year intro period. It might be closer to $200/month. The sales folks are very cagy about giving you exact figures, just saying, "we would work with you to make sure you get the best service at that time.", or words to that effect.

                               

                              And, if you get a single static IP ($20/mo.) then you are forced into renting their router (another $15/mo.)

                              • 12. Re: SSL Certificates that Work in FMS 16
                                fmpdude

                                I agree with the learning part at least.  Since I can find no interest in FileMaker with service-type prospective clients I talk to, this effort is more or less a labor of love.

                                 

                                Probably an AWS with static IP makes the most sense, agreed.  Working around this dynamic IP issue is time consuming, frustrating, and, in the end, I'd never host a production server in my basement on a Mac OS Server.

                                 

                                Was just hoping there was a simple way around that for testing.

                                 

                                I guess the answer is forget SSL (for testing) and everything works fine.

                                 

                                Thanks,

                                • 13. Re: SSL Certificates that Work in FMS 16
                                  Paul Jansen

                                  We have successfully installed the Comodo positive SLL certificates from NameCheap on fms 16

                                  2 of 2 people found this helpful
                                  • 14. Re: SSL Certificates that Work in FMS 16
                                    fmpdude

                                    Thanks!!!

                                     

                                    I'm assuming you're using DDNS too, then?

                                     

                                    Did you install a certificate for the web server and another certificate for FMS or did you just import the single server certificate into FMS?

                                    1 2 Previous Next