SSL verification issues after correct installation

Question asked by fm@codej.co.uk on Jul 3, 2018
Latest reply on Jul 4, 2018 by fm@codej.co.uk

Somehow renewals of SSL certificates never seem to go well for me.

The context:

FMServer on LAN supporting approx 20 clients internally and a number externally.

The server and OS (Windows platform) to recommended spec.

Version FMS 16.0.4

Clients on FileMaker Pro 16.0.4 mostly Windows

GoDaddy Standard SSL. Server named correctly for the SSL.

Recent changes:

A change was made to the DNS on the LAN adding an entry to point the FQDN to the local IP address of the FileMaker Server. Prior to this, local clients always received an orange icon (as expected). Following this change, sometimes they received a green icon, sometimes an orange icon.

The (GoDaddy Standard) SSL expired. The SSL was renewed. In the Admin Console, use secure connections was turned off, a new CSR was generated choosing the option to start over so the relevant files were cleared from the CStore (confirmed by looking in CStore). A rekey was processed at GoDaddy and the new certificate (type Other) downloaded. The FMServer was re-started. The new certificate was imported using the correct files, though there was an issue with the Intermediate Certificate (it seems that on a Mac Server, it is fine to include this, but on a Windows Server it needs not to be included as it is already in the Certificate). Once the certificate was imported successfully, use secure connections was switched back on and the FMServer process re-started. As belt and braces, the whole server machine was re-started. Correct installation was verified by checking that the certificate details were correct in the admin console and by going to the FQDN website.

The issue(s):

Following the re-start, users tried to re-connect, but now all receive the warning that the certificate cannot be verified, though View certificate shows the correct, valid certificate. See attached screenshot. This is true whether the connection is on the LAN or from outside. WebDirect users, however, get the expected connection and green lock icon.

There are some solutions on the server that are accessed using an Opener file. Naturally, because the connection is not verified, this fails (although interestingly, these worked before installing the renewed certificate).

My thoughts:

All connections are reaching the FMServer, seemingly via the correct route. However, no connections are verifying against GoDaddy's servers. I don't know how this happens normally. As WebDirect users can connect correctly, the issue seems to be to do with the fmnet connection on 5003, unless 443 is used for verifying the certificate.

Questions

    1. How do I get the certificate to verify?
    2. How do I get the green icon to show consistently when the above is resolved?

Many thanks in advance.