10 Replies Latest reply on Mar 21, 2014 8:05 PM by ibrahim_bittar

    Server Side Script not working (MacOSX Server)

    ibrahim_bittar

      Hi all

       

      I've doing tests with ScriptMaster and BaseElements Plugin to decode certificate files.

       

      It runs OK locally but doesn't run if I run it from server. To be more precise, there are two shell commands that are not working:

       

      BE_ExecuteSystemCommand ( "openssl x509 -inform DER -in " & $Path & "a.cer -out " & $Path & "b.cer" ; -1 )

       

      AND

       

      BE_ExecuteSystemCommand ( "openssl pkcs8 -inform DER -passin pass:" & $Parameter3 & " -in " & $Path & "a.key -out " & $Path & "b.key" ; -1 )

       

      I don't know why is not running on server. I've tried different combinations to no avail.

       

      Along with this post is the file I'm using. I hope someone can point me into the right direction.

       

      Regards

       

      Ibrahim

        • 1. Re: Server Side Script not working (MacOSX Server)
          wimdecorte

          What kind of error are you getting back?

           

          Remember that FMS runs by default as "local system" on Windows and user "fmserver" on OSX.  So depending on where your $path variable points to that user may not have access rights to it.

           

          Does the "openssl" command require super user rights to execute in the command line?

          • 2. Re: Server Side Script not working (MacOSX Server)
            ibrahim_bittar

            Hi Wim

             

            It returns a ? character.

             

            Let me explain you the process in general terms:

             

            1. CER file, KEY File and password are sent to the script as parameter (files encoded as Base64).
            2. Script creates a new folder inside the documents folder (when ran in server, the FileMaker Server Documents folder) and places CER and KEY files inside.
            3. Change permissions of this new folder so every user can rear/write (CHMOD a+w $Path).
            4. Use OpenSSL to extract information from CER and KEY Files and write them in text files.
            5. Read text files and place contents into corresponding text fields.

             

            This works correctly if I run the script locally. I don't need to use sudo. I tried with super user right and it doesn't work anyway.

             

            My problem is that I can't debug the script when run in server and the server log shows nothing.

            • 3. Re: Server Side Script not working (MacOSX Server)
              wimdecorte

              And the error happens in #4?  When run on the server steps 2 and 3 actually work?

               

              The server would not log anything because for FM nothing is wrong: it told the plugin to execute something and it did.  That the result of the plugin call is not correct is not a FM error.

              • 4. Re: Server Side Script not working (MacOSX Server)
                ibrahim_bittar

                Yes, the error happens in Nº 4.

                 

                I'll try to do it manually on server terminal to see what happens.

                 

                Thanks.

                • 5. Re: Server Side Script not working (MacOSX Server)
                  BowdenData

                  Two suggestions.

                   

                  1) Set the timeout value in the BE_ExecuteSystemCommand( ) from -1 to a value. Maybe try 10000 milliseconds (10 seconds). Experiment with some lower, or maybe, higher values. I had a command on Windows server that was not working with -1, but upon consulting with Goya, I tried specific timeouts, which worked better.

                   

                  2) If the above does not work, try using the BE_ExecuteShellCommand ( command {; waitForResponse } ) instead. Even though it is deprecated and therefore does not show in the function picker, it is still valid. In another instance on Windows, I was doing a command on the server that would not complete successfully using SystemCommand, but does work fine with ShellCommand. In my case, I am specifying the waitForResponse parameter of 1.

                   

                  SystemCommand does not open a terminal window like ShellCommand does, but when running on the FM server, it doesn't matter. This is at least with Windows.

                   

                  Regards,

                  Doug

                  • 6. Re: Server Side Script not working (MacOSX Server)
                    mr_scott

                    Hello, Ibrahim:

                     

                    Is the SSL certificate for a server, or a client?

                     

                    How does the SSL certificate play a role in user actions from any client device?

                     

                    Is this a client certificate that the client is supposed to download in order to do something with the server, or some other device, web/network target, or something else?

                     

                     

                    Assuming that the use of the certificate facilities future actions through a 2-way authentication as would be expected between a server and connected clients…

                    • When you ran it with FMP Client, was it on the same machine as the server, or another computer?
                      • If you did not, I'd consider trying that to see if it works when running the same FileMaker Pro client software, plugs-ins, and settings — just like you did successfully on the other device.
                    • Was the certificate created on the server, or another device?
                      • If you did not create the certificate on the device for which it would reside, how are you authenticating the certificate before attempting to use it in your solution?

                     

                    Best regards,

                    - - Scott

                    • 7. Re: Server Side Script not working (MacOSX Server)
                      ibrahim_bittar

                      Hi Scott

                       

                      The process is not to install the certificate on a server but to read the contents of both the certificate and key files and express them in Base64.

                       

                      This is for the electronic invoicing process in Mexico. The Base64 CER and KEY files will be placed into a XML file constructed in FileMaker and sent to the Tax authority in Mexico via SOAP.

                       

                      I have not tried to run the script locally on the server machine. That's a good idea. I'll give it a try today.

                      • 8. Re: Server Side Script not working (MacOSX Server)
                        nickorr

                        Ibrahim,

                         

                        A couple of things when running shell scripts : First you're running off the server, so you've got a different account, and probably need to add a sudo command to the start and specifiy the account and pw there too.  Secondly the plugin uses the sh shell, when the command line mac default is the bash shell, which can give different results.

                         

                        You can use bash by doing :

                         

                        "/bin/bash -c \"commandhere\""

                         

                        instead. Be careful about escaping though, as your command then needs to be escaped on the command line to work.

                         

                        Cheers,

                        Nick

                        • 9. Re: Server Side Script not working (MacOSX Server)
                          nickorr

                          Oh, and if you get errors, check the BE_LastError for details and google whatever results you get back.

                           

                          Cheers,

                          Nick

                          • 10. Re: Server Side Script not working (MacOSX Server)
                            ibrahim_bittar

                            Hi Nick

                             

                            When running a shell command we have to add the full path because cd doesn't work. If you run ls using the plugin will show the root directory contents.

                             

                            Finally what I had to do was to add the full unix path (in using MacOSX):

                             

                            openssl pkcs8 -inform DER -passin pass:500707 -in /Library/FileMaker\ Server/Data/Documents/5090F8524DBD49678F7E448746F9DD1C/a.key -out /Library/FileMaker\ Server/Data/Documents/5090F8524DBD49678F7E448746F9DD1C/b.key

                             

                            Now it works perfectly.

                             

                            Nick, congratulations for such a good piece of work.