Managed to install my SSL certificates, but I am still not sure how to properly create the server request.pem as I used to do it on FMS16. Installed it using my previous certificate and it was really simple to do.
In 17 you have to create the CSR (cert signing request), to generate the serverRequest.pem, using the Admin CLI. You cannot do it from the admin console anymore.
If you already have a serverRequest.pem from a previous deployment then you can re-use that one. That's a normal use case for instance when you have a wild card cert. You don't need to regenerate the CSR on each machine.
It is rather easy to get a CSR on any server. I have been doing them in WHM, but there are other tools.
Installing a certificate on FMS 17 was smooth and easy. Happy this part is working well.
Thanks. Just one more thing. Where should we put the LicenceCert.fmcert in our folder structure. So it gets recognized. Thats the other big question I have now.
Ok my bad... Should have read before
FileMaker® Server 17 White Papers
We should all read this and have a look at its attachments, before deployment of Server 17.
Now I understand what wimdecorte meant by using the Admin CLI.
Yep, mandatory reading We spent a lot of time on it.
Quick summary: there are now 3 admin touch points for FMS:
- the Admin Console, lots of things have changed here
- the Admin Command Line Interface (CLI - not new but heavily updated, especially look at the new GET and SET commands)
- the Admin API: brand new RESTful way of communicating with FMS. Great for building your own admin console. Even if you don't want to do that, using it is very nice. The white papers mentioned above contain a full Postman collection of all the Admin calls you can make.
Something small but for your LicenceCert.fmcert, I had my Safari default download files set to Desktop. Change that back to default DOWNLOADS folder
Now it should recognize your Licence cert.
I highly recommend checking out Claus Lavendt's free FMS 17 Missing Admin Tool | The Brain Basket which goes the Admin Tool a few steps better, and it's a FM database. Very elegant and a very useful asset to the community.
Another Admin Tool that is a FileMaker client that will generate the SSL CSR for you is at www.TaylorMadeServices.com, click on Contacts and then on Community and you can download the Admin tool. It has been specifically tested with GoDaddy and OS X. It is an open tool you can modify if you want and you have full access to.
I have not used Claus Lavendt's database, but Taylor Sharpe's seems well done, easy to use, and quite powerful. Does require that Base Elements plug-in be installed on server....
I did one for internal use that uses BE on the server. Plugin is a must have for CLI from remote. Just the way it has to be.
I run Server 15 and only have one adress and it's only me using the connection.
What cert. do you guys recommend?
I used .app domain with free Certificate from GoDaddy for 16.99 (get both a domain and certificate for one low price) https://www.godaddy.com/tlds/app-domain
fmpdude has a tutorial using cheap certificate
Creating and Installing an SSL Certifcate for FMS 17 Using KeyTool
In my case it`s been really simple to setup and not that expensive to use GoDaddy standard certificates. Just remember that once you set up your stardard cert you cannot change the domain you save the first time. If you want to use diferrent domains for your cert, you need to purchase a Wildcard cert (more expensive). So as you say it is only you a standard cert would be more than fine.
I have a link here to a youtube video I made of installing a standard cert using goDaddy for Filemaker server 16.
SSL Problems? Step by step on how to configure your GoDaddy certificate and configuration
You have FMS15 and I remember some issues installing on 15 but maybe I am wrong.
This is not true and you can rekey the certificate to any domain name later.
There is specifically a selection in GD SSL setup to Change the Site your Certificate Secures.
When you can get FMS compatible certificates for less than $10, the GD price seems high.
Didnt know that. Thanks, and sorry for that to all.
Yes, bigtom is correct, just rekey the certificate.
Rekey my certificate | SSL Certificates - GoDaddy Help US
Does anyone have suggestions for standard SSL certificates other than GoDaddy? Cloudflare offers them for free for personal websites (which my FM server is).
GoDaddy offers a free certificate when you purchase a .app domain .APP Domain Names | Register Your .APP domain - GoDaddy 16.99 first year 23.99 second year.
Here is a tutorial using namecheap.com 8.88 certificate Creating and Installing an SSL Certifcate for FMS 17 Using KeyTool
List of supported certificates for FMS 17
You need to stick with CAs from the approved list.
bigtom wrote: You need to stick with CAs from the approved list.
My understanding is the reason has to do with support of SSL certificates on the iOS devices where support for them has to be preconfigured in the OS or something like that? So you may be able to for another SSL certificate to work that is not approved, but it will probably fail for iOS SSL connections.
I personally have no problem trying other certificates on a development or test system. But for production systems, sticking with the approved FMI list of Certificate Authorities is appropriate.
I do like schamblee's comment about discounted GoDaddy certificates. GoDaddy's standard SSL certificates are FMI approved and saving money is always nice. Thanks schamblee!!!!!
Retrieving data ...