2 Replies Latest reply on May 20, 2014 1:06 AM by malmsten

    Certificate in Filemaker Server 13.0.2 OS X not matching supported SSL certificate vendors

    malmsten

      I run into a problem when our Terena certs didn't match what Filemaker inc had on the list of supported SSL certificate vendors.

       

      After much testing i managed to get it working.

      In short I copied in the certificate chain after I imported the certificate.

       

      Do as follows

       

      1.>sudo fmsadmin CERTIFICATE CREATE fms.x.x

       

      Two files wil be created in the CStore folder.

      serverRequest.pem

      serverKey.pem

       

      Send the serverRequest.pem to your certificate provider.

       

      When you get the certificate from your provider se to that you also download the chain file/s

       

      2.>sudo fmsadmin CERTIFICATE IMPORT /downloaded/cert.pem

       

      to be sure stop the filemaker server

       

      3.>sudo launchctl stop com.filemaker.fms

       

       

      backup the file first

       

      4.>sudo cp /Library/FileMaker Server/CStore/serverCustom.pem /Library/FileMaker Server/CStore/serverCustom.pem.old

       

      edit the file serverCustom.pem and copy in the chain code


      5. sudo cat /Library/FileMaker Server/CStore/serverCustom.pem /downloaded/chain.pem > /Library/FileMaker Server/CStore/serverCustom.pem

       

      Start the server again

       

      6.>sudo launchctl start com.filemaker.fms

       

      Hope I helped someone

       

      Cheers Lars

        • 1. Re: Certificate in Filemaker Server 13.0.2 OS X not matching supported SSL certificate vendors
          BenGraham

          I have an existing SSL cert for the server.  I have been trying to convert the file to .pem and have not succeeded yet.  Also tried just changing the file extension to .pem.  I either get a message that the command used is not known or can't access the file, or private key not found.  My original certificate was simply the Web Server Certificate and the Private Key text in an email.  I had saved the text to 2 separate text files, then changed the extension to .crt.  This worked fine for my web server before the FM13 update that takes over port 80 and 443.

           

          So currently the default FMI certificate is in place in the Library/Filemaker Server/CStore folder .  Would following these steps work if I used the CERTIFICATE IMPORT steps without requesting a new certificate from the certificate provider? 

           

          Or perhaps a sudo command for this command example:

          fmsamdin certificate import c:\Documents\certificate.pem

          --keyfile c:\Documents\certificateKey.pem -–keyfilepass password 

           

          Also I had combined my web server certificate text with the private key into one file and called it comboCert.crt and tried to convert it using:

          openssl x509 -inform DES -in yourdownloaded.crt -out outcert.pem -text 

           

          Also tried:

          openssl x509 -in mycert.crt -out mycert.der -outform DER 

          and then take the output of that, (i.e. mycert.der) and call:

          openssl x509 -in mycert.der -inform DER -out mycert.pem -outform PEM 

          any other help on this so I can understand and get the correct domain name certificate installed into the Cstore folder.


          • 2. Re: Certificate in Filemaker Server 13.0.2 OS X not matching supported SSL certificate vendors
            malmsten

            Hi, the new key you get from the fmsadmin command is a protected key with password. I think you will have to have a new certificat with the request pem file that fmsadmin created. My old key and certificate wasn't password protected. The other problem is with the certificat chain as Terena isn't in the root.pem file.

            The bottom line is you probably have to get at new certrificate and I tested my method on two servers now.

             

            Cheers Lars

            Gotherburg University