Filemaker Server 17 SSL Certificates Fail to Import

Discussion created by andrewm4 on Aug 23, 2018
Latest reply on Jan 15, 2019 by kupietz

I'm having a difficult time importing SSL certificates using either the wizard or the CLI.


When I go through the Admin Console GUI, the error I get is "Cannot verify the signed and intermediate certificates".  Attempting the import via the CLI gives a slightly more informative error: "Failed to verify the signed certificate. (The signed certificate is not for SSL server purpose). Error: 20632 (SSL certificate verification error).


I created the serverRequest.pem file via the fmsadmin command line utility, and sent it to the group at my employer who actually submits the cert requests to the CA.  I then received links to the primary and intermediate certs in .cer file format.


After downloading the .cer files and successfully importing them into the Windows 2016 Cert Store, I went back into the FMS17 Admin console but still was not able to complete the import process due to the aforementioned errors.


I do know the password for the private key (serverkey.pem) and am entering it in the appropriate location in both the web GUI and the CLI.


At one point in the troubleshooting process, I created a .pfx file by exporting the cert with the private key from the Windows Cert store and then tried importing using this file, but no luck there either.


Environment Details:

Windows Server 2016

Filemaker Server 17 v17.0.2.203

Certs are InCommon/Comodo


The server is on a private network with no external internet connectivity.  Does the SSL cert verification process need to connect to the internet-at-large in order to complete successfully?


Also, I'm in the process of requesting new certs from the group at my employer, although I anticipate this may take at least a day before I receive them.


Is anyone else running into this issue and if so, what are the steps you took to resolve this issue?  Thanks in advance for any assistance you can provide.