3 Replies Latest reply on May 8, 2014 3:06 PM by LSNOVER

    FMS 13.0v2: SSL revocation vs. re-key

      I should've read the readme more thoroughly. After upgrading to 13.0v2 I noticed that my SSL certificate which I'm using with WebDirect has been replaced with a cert by "FMI Certificate Authority". The readme says to contact the CA to revoke and reissue the certificate. GoDaddy warns me that I should only revoke the certificate if I want to permanently remove it, and that I won't be eligible for a refund. They do have an option to re-key the certificate, which I'm hoping will work, but I wanted to find out if anyone has tried it already.

       

      Server: Win Server 2008 R2 Standard w/IIS v7

       

      Any advice?

       

      TIA,

       

      - Dave

        • 1. Re: FMS 13.0v2: SSL revocation vs. re-key
          DrewTenenholz

          Dave --

           

          I believe that the FMServer Command Line Interface (aka CLI) allows you to install whatever certificate you like into FMServer. My understanding is that this changes the certificate for both FMPro clients and WebDirect all at the same time. So, you should be able to re-install your older GoDaddy certificate to get back to where you were.

           

          But, since FileMaker issued the 13.0v2 updater to fix a Heartbleed vulnerability, if this server was running a publicly-accessible WebDirect site before, then you probably should revoke and re-issue the GoDaddy certificate and install the new one, since the current private key may have already been compromised. And, GoDaddy ought to be willing to revoke+re-issue at no cost, but that's just my opinion.

           

          Maybe this is the same thing they mean when you wrote, "have an option to re-key the certificate". You create a new private key, and they issue a new public key for the 'same' certificate. The language around this seems to be rather imprecise...

           

          Good Luck,

          Drew Tenenholz

           

          >I should've read the readme more thoroughly. After upgrading to 13.0v2 I noticed that my SSL certificate which I'm using with WebDirect has been replaced with a cert by "FMI Certificate Authority". The readme says to contact the CA to revoke and reissue the certificate. GoDaddy warns me that I should only revoke the certificate if I want to permanently remove it, and that I won't be eligible for a refund. They do have an option to re-key the certificate, which I'm hoping will work, but I wanted to find out if anyone has tried it already.
          >
          >Server: Win Server 2008 R2 Standard w/IIS v7
          >
          >Any advice?

          • 2. Re: FMS 13.0v2: SSL revocation vs. re-key

            Turns out that GoDaddy's re-key option worked out just fine. The very first time I set up this server I installed the SSL certificate in IIS. This time I had to install the cert using the fmsadmin CLI option.

            • 3. Re: FMS 13.0v2: SSL revocation vs. re-key
              LSNOVER

              DO NOT REVOKE with GoDaddy. That will wipe out the SSL Cert and you will have to buy a new one. Re-key is what you want. Just a note for anyone else to be careful.
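
Since the point of re-keying after Heartbleed is that the reissued certificate must no longer use the possibly exposed private key, the following added example (not from any poster in this thread) checks with OpenSSL that a reissued certificate carries a different public key than the old one and that it matches the newly generated private key. The file names and the host name `fms.example.com` are placeholders, and the demo certificates are self-signed ones constructed only to exercise the check.

```shell
#!/bin/sh
# Added example: verify that a re-keyed certificate really has a new key pair.
# All file names are placeholders; demo certificates are constructed below.

# Fingerprint (SHA-256 over the PEM public key) of the key inside a certificate.
cert_key_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# The same fingerprint, derived from an unencrypted private key file.
priv_key_fp() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# rekey_ok OLD_CERT NEW_CERT NEW_KEY
# Returns 0 only if the new certificate's key differs from the old
# certificate's key AND belongs to the new private key; 2 on unreadable input.
rekey_ok() {
    old=$(cert_key_fp "$1") || return 2
    new=$(cert_key_fp "$2") || return 2
    key=$(priv_key_fp "$3") || return 2
    [ "$old" != "$new" ] || { echo "FAIL: new cert reuses the old key"; return 1; }
    [ "$new" = "$key" ] || { echo "FAIL: new cert does not match new key"; return 1; }
    echo "OK: re-keyed, new key fingerprint $new"
}

# Constructed demo data: an "old" and a "new" self-signed certificate with the
# same subject but independently generated RSA keys.
make_demo() {
    for n in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=fms.example.com" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir" &&
    rekey_ok "$demo_dir/old.crt" "$demo_dir/new.crt" "$demo_dir/new.key"
```

A "FAIL: new cert reuses the old key" result means the reissue was requested with the original CSR, so the key that may have leaked is still in service.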