The certificate is valid, but it is not for the domain that you are using. The certificate is for fms01.michaelheidergmbh.com but you are trying to use it to connect to fms04.michaelheidergmbh.com.
Yes, that is right, but in the SAN part of the certificate "fms04.michaelheidergmbh.com" is also registered!
Verified with windows server, that this works correctly!
Did you import the intermediate certificate when you installed the cert in FMS?
How are the users connecting? Through a favorite host entry in FMP or finding in the list of local hosts?
no I didn't import a intermediate certificate. I use GeoTrust certificates for more than three years and did not need to import anything else than the SSL-certificate itself. Do you think we need to import intermediate certificates now?
I use a similar certificate on a WIN server without any problems and there I didn't import a mediate certificate either.
The clients are connected via favorite host entry with the complete server name (incl. domain).
Maybe FMS on Mac doesn't check the SAN part of a SSL-certificate?
2 of 2 people found this helpful
Check the release notes.
• When importing a custom SSL certificate signed by an intermediate certificate authority, you must include the intermediatecertificate file. On the Admin Console Database Server > Security tab, for Intermediate Certificate File, click Browse and select the intermediate certificate file.
In FMS since the intermediate certificate data is not required for all certificates the UI can't require it. However, since most times we the installers don't know if there is an intermediate signing authority it is in our best interest to always install it.
IMHO this is now a 'best practice' for FMS 16 (and beyond).
I have been installing FMS for more as long as FMS has been available, so I do have a bit of experience. I have found the same problem and was essentially told by FMI via this forum that there was something wrong with our installation. Problem with SSL verification of valid cert by FMP, mac network client We use the suggested certificate type from GoDaddy. I have been installing the certificates in the manner suggested by FMI since they started requiring them. In my current case, I have rebuilt my FMS 15 twice and the results are the same. I'm in the process of building a test FMS 16 to see if the results are the same.
We use network user homes and that appears to be our problem. For some reason the usual location where FileMaker puts certificates in the user home is not being accessed or used properly. In our case I know that FileMaker can put things there because once you delete the contents it forgets to automatically allow connection with a certificate that it cannot figure out.
Location: youruserhome / Library / Application Support / FileMaker / FileMaker Pro / 16.0 / certificates will be here.
Delete the contents here and on the next connection to your FMS you will be prompted by FMP to reauthorize it to connect to the server it cannot figure out the certificate for.
When we connect to FMS with a local user that has a user home on the local client machine instead of the network user on the network user home, FMP recognizes our certificate and connects as expected.
Let us know if you come up with anything.
thanks to all!!!
Importing the intermediate certificate did the trick! Everything is fine now!
How about marking a correct answer? §^=)
Good to hear about the intermediate certificate. That seemed to change in 16 and I had never imported intermediate certificates until then.
By the way, why such an old version of the OS? If you're interested in the latest security, I would upgrade to 10.12.6. FileMaker 16 works just great with it.