To help work through this:
1) Do you have "Require secure connections" selected in the Admin Console under Database Server->Security?
2) Are you able to see and connect to databases via WebDirect?
1) I did originally and no change.
Interesting. What you describe is what I was seeing with FMS 13.0v3 and 13.0v4. If the certificate was in place and "Require Secure Connections" was on, no databases were available in FMPro or WebDirect.
What happens if you go to <path_to_FM-Server>/CStore and remove serverCustom.pem, serverKey.Pem and serverRequest.pem, then stop and restart the Database Server (i.e. in the Admin Console, not by restarting the whole machine)? Do the databases become available then?
I removed them and then I couldn't get the DB Server restarted via Admin Console so I had to reboot the whole server. After reboot, everything functioned normally.
I am finding with the v5 update it kills the SSL as well. If we remove the serverCustom.pem, serverKey, and serverRequest.pem, it will again run on the FMI SSL, which they say we should not do. I just got a new SSL for this update and it works for v1, v3, and v4.
Have you seen any other solutions to this problem.
To confirm we've exactly the same problem and have seen other posts, such as http://fmforums.com/forum/topic/90722-ssl-certificate-installation/
We've spent a lot of time on this building and rebuilding VMs using free trial certificates - we've tried both Geotrust and Comodo certificates and to date cannot access data files from FM Pro or FM Go with the certificate installed. For the record we're running 2 machine setups on Windows 2012 servers.
If we switch off 'Require Secure Connection' the databases reappear, switch it on again and they are no longer available within Open Remote File.
Same here. It doesn't seem like ssl certificates are much use in FM13. Let's hope that they sort this ridiculous situation out soon.
I use SSL certificates a lot because users getting prompted with security risk warnings in their browser are unprofessional and just generally unacceptable in my opinion. I use the cheap Comodo ones ($25 for 5 years) and they seem to work well.
Rumor is that Apple security raked FileMaker over the coals for not defaulting to a secure connections, etc. I expect that FileMaker 14 will default to secure connections and hopefully and easier way to manage certificates.
I made a feature recommendation that FileMaker become an SSL certificate authorized reseller and they sell validated certificates with their software so that FileMaker customers don't have to even know about the certificates other than they just work.
Expect certificate management to change a lot in FM 14. And I can only see it getting better than what we have now.
I hope that FMnext will sort this stuff out — but at the moment I have half an implementation of SSL. I'm going to have to restart the server to get it back to using its default certificate .
Good idea about Filemaker bundling SSL certificates along with FMServer — the current management of certificate is so arcane, that I'm sure most administrators don't even realise that they should install their own certificate.
You should be able to get this to work.
Pay very close attention to the info here: List of supported SSL certificate types and vendors for FileMaker platform | FileMaker
It must be of the exact type mentioned, it is not enough to get the same vendor. However, it seems like vendors keep changing how they market their SSL certs, so this can be difficult. From the top level of Comodo's site it isn't obvious which (if any) of the ones mentioned is the Elite cert, so had to search for it instead: https://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-elitessl.html
Also, I've found that I must stop & start the service (or on Mac OS, restart the fmserver_helperd process) whenever changing certificates. Stopping and starting FMS from the admin console was not sufficient.
The list of FM supported SSL certificates is very short and most (except Comodo) are pretty expensive. Be aware that FM went with this short list as they were getting FileMaker Go out the door and as an App on the Apple store, you can't add additional certificate support later on. They have to be included with the app. So the ones listed are the ones FileMaker has included support on the FM Go apps. However, if you don't use FM Go in your solution, then other certificates work too. I used to do that until I found that I could get a FM supported Comodo certificate from SSLS.com for cheap. Maybe in FM 14 there will be a much longer list of supported certificates, especially for FM Go. The rumor is that FM Go for 14 has been re-written in Swift and if FM really took the time to re-write the whole app, I bet certificate support improvement will be better. Lets hope so!
Thanks for the extra advice.
As others have pointed out, it's silly (to say the least) that FileMaker choses which certificates to trust!
After ten years of working with certificates for web servers and mail servers, I find that FileMaker is going out of it's way to make things difficult!
Have you tried the v9 update yet? I'm hesitant to update to it after going to v5. Do you know if this fixed the SSL issue we've been experiencing?