We have internal root certificates (Enterprise Company) on our managed Mac's and Window machines, which are stored on the systems keychain.
So we set up FileMaker Server 16/17 with certificated based on this roots, created on our internal certification instance.
After importing the created certificates ( with intermediate certificate) everything looks fine.
(our server is only used internal)
The problem is as follows:
Connecting with Windows clients we get a green lock, which is fine.
Connection with Mac clients we got a orange lock (crossed). Checking the certificate everything ist ok.
It looks that the Mac client (tested with 16/17) does not check the keychain on the system to verify the certificates.
I have to copy our root certificates manually into the application packet (deep in the Support.framework).
Then I got the green lock.
I think this is a bug, because FileMaker client (on Mac) has to check the keychain for verifikation, too.