The FileMaker Cloud is here, and we are excited!
There are many great things to say about the FileMaker Cloud and we think this is a very important and great addition to our platform.
One thing we must realize is that what we have now is a 1.0 release, which means that there can be some “rough edges” that needs to be polished in future releases. One such edge is the process of renewing the SSL certificate, that your FileMaker Cloud instance is installed with. (you get 90 days free)
Frankly, the process is very complex, even for seasoned developers and server admins and involve several terminal commands.
Wouldn’t it be great, if there was an app for that ?
That’s what we thought, so we have created a FileMaker Custom App, that helps you with the process of renewing your FileMaker Cloud SSL Certificate. Not only is this app completely free, it is also completely open source. And you can download it below.
Now, how do I use this tool ?
I’m glad you asked. Richard Carlton and Claus Lavendt did a video on this topic, where we are walking through the tool and explains the process. Beside a walkthrough of the tool, we also discuss the concepts behind and we think this video is worth a watch.
Richard Carlton Consulting is producing awesome videos for the community as well as several video courses for everyone that wants to learn FileMaker. Check out their offerings at www.learningfilemaker.com
Claus Lavendt is Senior Consultant and owner of DataManix. We are leading FileMaker experts and beside creating great custom solutions for our customers, we have a deep passion for our platform. We also consult for our colleagues in the community and is among the top experts on FileMaker Server, FileMaker Go and several other areas of our platform. If you need help with your server, you can contact us. We also have a Managed FileMaker Server service, where we can take care of your server, so you can focus on creating great apps for your users. www.datamanix.com
PLEASE NOTE: We have found a bug in the tool.
If you already downloaded this tool, please download this new version 1.3.0 and follow these instructions:
1) Open the tool, use the slide panel dots to navigate to the second panel (step 1). Fill out your Instance URL
2) Make sure you still have the working folder in your Documents folder: /Documents/FMC_SSL/
3) Navigate to the second last slide panel, using the slide panel dots
4) Follow the instructions in step 5 and press the button “OK – I have done that”
5) Now the tool concatenate the 2 files from Comodo and you can now re-import the certificate file into your FileMaker Cloud instance.
Please provide your name and email address for your free* download.
Free means “Yes please, I´d like to receive up to four mails a year
with relevant information about TheBrainBasket universe.”
Free means “Yes please, I´d like to receive up to four mails a year with relevant information about TheBrainBasket universe.”
Your information stays with us!
Thanks for such a wonderful tool and for sharing it with the FM community, Claus! A great example of taking a complex process and simplifying it using FileMaker. Well done!
Thank you for your tool for SSL! I don’t think I could have renewed without it, especially since I let the cert expire… So this is to say that even if the cert does expire, with your tool, and patience… you can renew the cert, so awesome!
Thanks so much for supporting the community,
Michael Ashley
Thanks for your feedback.
Glad the tool helped you.
I followed all of the steps and used the 1.3.0 version but when I try to import the certificate I receive the following error message:
“This certificate does not match the private key [/opt/FileMaker/FilemakerServer/CStore/serverKey.pem]. Error: 20621 (Key doesn’t match certificate)
Is this a common problem and is there a way to solve it?
Thanks for this tool,
Emily
Hi Emily
The error message you get, is actually telling you the problem.
It seems that the private key, that the server generates during the process, has been re-generated after you created the Certificate Request. I have heard the same issue experienced by a few others, but not seen it myself. However, if you do the process again, you should get a CSR, which uses the current Private key and then your signed certificate will be created with the same private key.
So, please try the entire process again. You should be able to re-issue your certificate with your vendor, so you don’t need to pay again.
Hope this helps.
/Claus Lavendt
Claus,
wonderfule SSL tool for the FMCloud – was working thru it and and when you push the .txt file to the cloud instance, I get a 404 error that the file cannot be found. Do I need to leave the terminal session open? (You said to exit it…)
Hi Alan
Thanks for your interest in the tool.
If you get a 404 error, it seems like the file is not uploaded correctly.
It probably is due to permission issue.
Please make sure to follow the guide and pay attention to the permissions part.
Hope this helps.
/Claus Lavendt
Are you referrring to the initial SSH setup, copied from your tool? I just watched your video and all worked up to getting the 404 error when I expected to see the SHA-1 text file in the web browser…
My apologies for not being able to remember all details as I am very busy at the moment, but at some point before this, the tool should try to modify permissions on the httproot folder so we can upload the file.
The 404 indicates that we were not able to upload the file.
Look in the code of the tool for a chmod command
Hi Claus,
Thank you so much. I’ve been caught out by the 90 day expiration and desperately trying to get my solution back up and running. Everything was going well until I tried to connect using terminal. It returned the following message – Permission denied (publickey,gssapi-keyex,gssapi-with-mic)
Any ides?
Pete
Hi Peter
You are welcome. Hopefully the video and tool can help people with this very complicated process.
I can think of 2 possible reasons for the error message;
– you need to modify security groups for your instance in the AWS console to allow for SSH port 22 access from your IP location
– you need to have the private key file, that you created during the setup of your cloud instance.
I can’t know for sure, but hope this helps.
If you haven’t watched the video on youtube, please do so as we explain the process here.
Good news !
FileMaker Inc. has released a new version of FileMaker Cloud, that makes this process sooo much easier.
I published an article, taking about this new version in regards of the improvement to SSL renewal.
https://medium.com/@DataManix/filemaker-cloud-1-15-2-32-released-and-this-is-good-news-for-your-ssl-5b99c61f9911
Hi and thanks so much for the tool…I’m puzzled by the “?” I am getting in the Certificate Request Field in panel 5 after running the Terminal command. I’ve tried to start from scratch a couple times and I’m not sure if that is problematic. The last time I tried, I added the extension .txt to my key pair, thinking it might make a difference. Either way, when I run the command, since already running it once and giving permission to the server to allow connection from my IP, I haven’t had to acknowledge permission again. Do I need to undo something, to truly restart the process?
Hi Daniel
I sounds like you are missing the BaseElements plugin, which should be installed when you open the tool.
Please ensure the plugin is installed and enabled.
/Claus Lavendt
Thanks for this…it’s almost resolved however mine shoes SHA256 not SHA-1. I can’t get through the “Upload verification file” part
Sorry wasn’t sure if my note went through.
Mine doesn’t show SHA-1, rather SHA256. However I went ahead anyway and copy/pasted both the MD5 and SHA256 number into the Filemaker database in your awesome step by step and after clicking “OK” at the “Now we are going to create…”, it pops open a new page in Safari with the URL ending in the .txt for the file that was supposed to be uploaded, but comes up with an error indicating it’s not there.
Hi Joshua
It’s not clear, whether you are trying to renew the default certificate or if you are purchasing for your own domain.
However, if you are renewing the default certificate, you should use the built-in process as FileMaker has essentially built the process from my tool, directly into FM Cloud.
If you are using my tool for the process of purchasing and installing a certificate for your own domain, it is highly unlikely that you should use the steps, where we upload a text file to the server, which is used to verify that you have control over the server.
When you purchase a domain validated certificate, the validation is normally done by sending an email to hostmaster@yourdomain.com with links to verify that you have access to this mail account.
The reason for the step with uploading a verification file, is because you are purchasing a certificate for a subdomain, that is controlled by FMI. In that case, you will never be able to access a mail box for the hostmaster of that domain, since it belongs to FMI.
So, you can use my tool to purchase and install a custom certificate for your own domain – though you should skip the steps with the verification file.
If you need to renew the default certificate (so your instance would be named something like joshuabrock1.fmi.filemaker-cloud.com) you should use the process that you can access from the Cloud Admin Console.
Is this process still necessary? I noticed the cloud console has a simple import feature much like FMS17. Isn’t it the same process now?
Hi Corey
Thank you for your interest.
No, FileMaker did integrate the entire SSL process for certificates, that can be used for FMC with FileMaker’s domain; filemaker-cloud.com
However, if you want to use FMC with your own domain, you will need to go through a process, similar to the entire process in this tool. In other words, by omitting a couple of the steps in the tool, you can use it to create a Certificate Signing Request, so you can purchase a custom certificate for your domain name, and then you can use the install function in the Cloud Admin Console to import the signed certificate, you receive from your vendor.
In FMS17, FileMaker “forgot” to include the step to generate the CSR file in the admin console. So you will need to use a CLI command to do this. The missing admin tool have a tool to help you generate this CLI command.
After you receive your signed custom certificate, you can use the admin console to import the certificate.