rcollins

Renewing FileMaker Cloud SSL for Custom Domains - Tips & Complaints

Discussion created by rcollins on Nov 26, 2017
Latest reply on Sep 4, 2018 by oregondean

I am hoping to save you some of the headache I have just been through, again, and to try and raise some attention about the difficulty of everything related to SSL registration and renewal for FileMaker Cloud. Any headaches that involve simple action points to correct, I have titled "Complaints", because I believe they should be fixed by FileMaker and COMODO staff, for the benefit of all of us. I would be more gentle had I not been through, and attempted to improve, some of these very same complaints both last summer and last winter.

 

For starters, if any of you are early adopters of FileMaker Cloud, like me, your custom domain SSL certificate may be up for renewal, and COMODO may have just sent you a 90-day renewal notice including the warning of: "Your SSL subscription will expire in 90 days! Don't let your domain raise a security alert, Renew Now." If, like me, getting it set up the first time involved extensive research, weeks of phone calls with FileMaker support, and lengthy chat dialogues with customer service at COMODO, you probably want to get it taken care of early to avoid the very real risk of it taking... a long time, and lapsing, with subsequent loss of access to your hosted files.

 

But be forewarned! You have to ask, BEFORE you generate your CSR file, to have COMODO extend, rather than start over, your 1-year certificate expiration. Otherwise, you just start over on whatever date you purchased your renewal, which is what happened to me. So, by renewing 90 days early, I lost 90 days off the value of my 365-day SSL registration, and I get to look forward to doing this in 365 days, rather than 365 + 90. COMODO offered to use common sense after I was done with this procedure, if I was willing to start over and generate a new CSR file. I can't afford to spend another 5 hours to save $25. So, if you're going to renew early, speak with customer service before you buy, to make it clear that you want to extend your certificate's end date.

 

My other thoughts are regarding documentation of this process, and what I want to remind myself of a year from now when I will have to do this again. If the real-life, just-finished-it-an-hour-ago experience of a fellow user, rather than a help-manual writer, is of use to you, by all means:

 

CRITICISM 1:  Renewing a custom domain SSL is different than renewing the out-of-the-box starter SSL, yet there are no distinctions between the two in documentation of the process on FileMaker's website.

 

Step 1. Respond to COMODO's email to buy a renewal for your SSL, but take heed of my above warning.

 

Step 2. For Mac users, generate a CSR using command line. A .csr file and a .key file will be created in your home folder (computer/username/here), not your download or desktop folder.

CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)

 

Step 3. Plug the .csr into COMODO's website and they will email you a .crt file and a .ca-bundle file.

 

Step 4. Open a text editor, open the .crt file and then open the .ca-bundle file. Merge the contents of both into one file, with the .crt on top. Name it yourfile.pem changing 'yourfile' to something clever or relevant.

 

CRITICISM 2: FileMaker's instructions tell you to create a .pem file, but they describe the contents using the terms 'server certificate', 'intermediate certificate' and 'root certificate'. That's great if you know what that means, but I'm a FileMaker developer and was just looking at .crt and .csr files. I don't want to do more research to decipher terms.

https://support.filemaker.com/s/answerview?language=en_US&anum=16525#csr

 

CRITICISM 3: COMODO's instructions tell you that you don't need a .pem file, just a .crt file. This is already confusing enough. There's no excuse for having multiple conflicting instructions from partners. Choose the correct one. Copy. Paste.

 

Step 5. Backup your cloud files. I was scared I would cut off access to my hosted files so I backed up locally. Proceed at your own risk.

 

Step 6. Go to the "Configuration" tab of the FileMaker Cloud admin console. Then "SSL Certificates" on the lower left. Then "Import Custom Certificate". It will ask for a "Signed Certificate File" and a "Private Key File". The CSR generation (my 'Step 2.') created a .key file. That's the "Private Key File". The saved .pem file that FileMaker instructions tell us to create (my 'Step 4.') = "Signed Certificate File".

 

CRITICISM 4: Could we stick with one naming convention for these files? I'm still just a FileMaker developer and not an SSL linguist. (See Criticism 2.)

 

Step 7: Upon hitting OK, FileMaker Cloud will tell you that it is restarting and to not do anything until you get an email. I got the email but my browser still said it was restarting, and the email didn't say anything about the restarting or it being ok to proceed. I waited a while and then realized there was no adult in the room, and just proceeded anyway.

 

CRITICISM 5: If we are warned not to do something, it would be nice to have a clearer sense that everything is now ok, if and when it is. Otherwise, why warn?

 

Step 8: The email included a CNAME reference. My domain is registered with GoDaddy, so I went to their website, found the DNS and CNAME stuff for my domain, and I noticed that the details had not changed. I was glad I didn't have to do anything.

 

CRITICISM 6: All of us FM Cloud users are familiar with having set up an AWS account. It strikes me as a normal concern to be worried that something is going to need to be adjusted on AWS as part of this SSL renewal process. It would be very nice to have some sort of notification that "Nope - you should be all good to go. You don't need to change anything on AWS unless this or that..."

 

Step 9: I hope I don't get any surprises about SSL problems when Monday arrives tomorrow!

 

And I hope your experience is faster and less frustrating than mine. Good luck.
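Steps 2, 4 and 6 of the post above, written as a shell sketch with a pre-import check. This is an added example, not part of the original post and not taken from FileMaker's or COMODO's instructions. The file names, the example domain and the 30-day expiry threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example; every file name below is a placeholder.

# Step 2: create a new 2048-bit RSA private key and a CSR for the custom domain.
make_csr() {   # usage: make_csr <domain> <basename>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null || return 1
  chmod 600 "$2.key"   # the .key file stays on your machine; only the .csr is submitted
}

# Step 4: server certificate on top, CA bundle underneath.
# Strips CRLF line endings and stray blank lines that text editors tend to add.
make_pem() {   # usage: make_pem <server.crt> <ca-bundle> <out.pem>
  { cat "$1"; echo; cat "$2"; } | tr -d '\r' | sed '/^[[:space:]]*$/d' > "$3"
}

# Before step 6: confirm the FIRST certificate in the .pem belongs to the .key
# (this catches a merged file in the wrong order, or a .key left over from an
# earlier CSR) and that it is not about to expire.
check_pair() {   # usage: check_pair <pem> <key> [min-days-left, default 30]
  local days=${3:-30} cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: first certificate in $1 does not match $2" >&2; return 1
  fi
  if ! openssl x509 -in "$1" -noout -checkend $((days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $days days" >&2; return 1
  fi
  openssl x509 -in "$1" -noout -subject -enddate   # print what will be imported
}

# Typical sequence (placeholders):
#   make_csr db.example.com mysite
#   make_pem mysite.crt mysite.ca-bundle mysite.pem
#   check_pair mysite.pem mysite.key
```

If `check_pair` fails, the "Signed Certificate File" and "Private Key File" you are about to import do not belong together, which is worth knowing before the server restarts.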
