7 Replies Latest reply on Jun 9, 2015 6:38 PM by kiwikaty

    SSL Green Padlock in FM14 Mac but not Windows

    KevinMullins

      Now that the most recent patch has come out for FMS14 I have my custom SSL cert installed.  However, things are not all roses.  In the Mac client I get a green padlock and Web Direct is showing the secure connection and the correct SSL cert information.  Windows FMPA14 isn't showing a green lock icon.  Get ( ConnectionAttributes )on both Mac and Windows shows:

       

      [ Peer Certificate ]

      commonName: {mydomain}

      CA Issuers: Go Daddy Secure Certificate Authority - G2

       

      Get ( ConnectionState ) on the Mac returns a 3 (for a secured connection with a fully verified server name in the certificate) and a 2 for a secured connection (SSL) when the server name doesn’t match the certificate (default FileMaker Server installation).


      Not sure how connecting to the same server and opening the same database should cause two different results.


      Any thoughts?


      Kevin

        • 1. Re: SSL Green Padlock in FM14 Mac but not Windows
          ch0c0halic

          One issue may be how you are connecting.

           

          What I've seen is when using a saved favorite FMP appears to know what certificate was in use at the time the favorite was saved and seems to use it first when connecting. I suggest deleting the favorite and restarting FMP before testing the connection again.

           

          On a Mac the saved password in the Keychain appears to (sometimes) have the same effect. I had to also delete them before I was able to establish a validated Certificate secure connection.

          • 2. Re: SSL Green Padlock in FM14 Mac but not Windows
            kiwikaty

            Hi there

             

            I saw the same issue on windows and after upgrading a number of servers and could not work out why some solutions were showing the green padlock and others were not. It turned out it was my opener files. The ones that had the dsn for the servers in the external file path were showing as padlocked, the opener files where I had used the IP in the file path were not. The solution was to change my opener files to use filepaths that used the DNS name not the IP.

             

            Not sure that this will help at all.

             

            Cheers

            Kiwikaty

            • 3. Re: SSL Green Padlock in FM14 Mac but not Windows
              KevinMullins

              Good idea, but it didn't work for me at first.  I removed the saved connection.  Restarted the computer, (never know with Windows) and then added the server back and had the same issue.

               

              On a whim, I removed again, restarted and tried a different server path. I setup the cert request for west.{myserver}.com but I noticed when the cert came back from godaddy it was just for {myserver}.com.  On the Mac, I am connecting to west.{myserver}.com and get the green icon.  On Windows, I set it going directly to {myserver}.com, and now I get the green lock.  It is going to suck when I want to put a website on the root address.

              • 4. Re: SSL Green Padlock in FM14 Mac but not Windows
                KevinMullins

                Good thing to keep in mind because I do setup opener files for the things hosted on the server.

                 

                Thanks

                • 5. Re: SSL Green Padlock in FM14 Mac but not Windows
                  ch0c0halic

                  Kiwikaty,

                   

                  That makes sense. The SSL certificate only has the DNS. Its very unlikely anyone would put their IP address into the Cert request. And since the connection relies on the DNS name in the cert as part of the validation it can only show the green lock when the DNS name is used for the FMP connection.

                  • 6. Re: SSL Green Padlock in FM14 Mac but not Windows
                    KevinMullins

                    Actually without a prefix the cert should be a wildcard cert and work just like it does on the Mac. I am a little disappointed in both how Filemaker generate the CSR and then how Windows and Mac behave differently, but such is life.

                    • 7. Re: SSL Green Padlock in FM14 Mac but not Windows
                      kiwikaty

                      Oh yes, Perfect sense. Just the openers have been around for years and simply converted though versions and there was a time when fm was quicker opening files using IP than DNS in our environment which is why they would have had IP’s. We have always kept IP’s when migrating to new servers so it has never been an issue. It just that since I rarely look inside our openers it was not immediately obvious why some solutions where padlocked and others weren’t. Now I know the answer it is terribly obvious. Isn’t that always the way.