andrewm4

Filemaker 14 Server SSL Certs Issue + Client Unable to Verify Identity

Discussion created by andrewm4 on Feb 12, 2019
Latest reply on Feb 13, 2019 by andrewm4

I support 3 FM14 servers here on campus. As it turns out, the SSL certs on all 3 are expiring across several days this week. I renewed and installed new SSL certs for one of the three servers and tested on my PC, which has Filemaker Pro 15. Note that on the server, I imported the new SSL certs both into the Windows Certificate store and into Filemaker Server (via the fmsadmin command).

 

On my test PC running the Filemaker Pro 15 client, when I launch the FM Pro 15 application, I receive an error stating "Filemaker Pro can't verify the identity of "<server name here>". I click on View Certificate and the correct certificate is listed, and shows an expiration date 2 years from now. I can click "Connect" and I'm then able to see the databases. Some end users, however, who are using various versions of the Filemaker 14 and 15 client, have reported that when they click "Continue", Filemaker Pro just freezes and never does show the list of files.

 

Question: (See screenshot, below) ... Should the SSL cert that's imported into Filemaker server match the "Filemaker Host Name" OR the name that's next to the "IP address" in the Web Server field? Right now, the SSL cert matches the Filemaker Host Name, but I'm still getting the prompt indicating "Unable to verify the identity of <server name>".

 

Screen Shot 2019-02-12 at 4.22.03 PM.png

 

Also, possibly as a side-effect of all of these SSL cert issues, Web Direct is just loading a blank screen with only "Filemaker WebDirect" at the top - no Filemaker file icons are visible. My browser (Firefox) does show a green padlock, and when I go to view the certificate information, it's also showing the correct certificate.

 

I've rebooted the server multiple times, with no change in status.

Is there anything else I can try to get the Filemaker Pro clients to work properly and be able to connect without getting the "Filemaker Pro can't verify the identify of <server name>" or, worse, just freezing and not loading files at all? I'm also at a loss as to why WebDirect would still be non-functional even with the new certificate installed.

 

Does anyone have any ideas as to what I can try to dig my way out of this mess?

 

Thanks in advance for any assistance you can provide.

 

Andrew M

 

Edit #1 2/13/2019: One other detail that may be helpful: Our certificate issuer as listed on the cert is "InCommon RSA Server CA" . Is it possible there's some kind of general incompatibility between InCommon SSL certs and FM 14 Server and clients?

 

Edit #2 2/13/2019: I noticed in the FM 14 Server Admin console under Database Server >> Security, it says the following: "Warning: The custom SSL certificate installed on this server does not originate from a Certificate Authority (CA) supported by FileMaker. FileMaker Go cannot be used to connect securely with this certificate."

 

Outcomes