FileMaker 15 product family was released today !
There are several great things to say about the new release.
One thing that is very interesting, is the changes made to FileMaker Server 15 and SSL certificates. We now have a better and easier way to install certificates, using the FileMaker Server Admin Console. Not only that, but now there is support for more certificate. Most interesting is the support for wildcard and SAN certificates and intermediate certificates.
Want to know more about what this is all about ?
Richard Carlton and Claus Lavendt has created a video that explains all about the new way to install certificates. We also talk about the principles of DNS and SSL. Watch the video, that Richard Carlton and his team has put together below.
Also take a look at their great site; learningfilemaker.com – where you can get great content and learn all about developing FileMaker.
You can ask questions and add comments below, where we will do our best to provide answers about this exciting area of FileMaker Server 15.
Hello Claus,
Thanks for your insightful video.
Can you share with me exactly which RapidSSL did you use? how did you know it would work with FM15?
Other than supported ones, are there other choices that are more economical, less paper works that works with Filemaker 15 server.
I am thinking about purchasing the RapidSSL Wildcard (https://www.ssls.com/ssl-certificates/geotrust-rapidssl-wildcard). Would this work?
Thanks,
Anthony
Hi Anthony
I am using the RapidSSL Wildcard certificate.
After talking with FMI engineers, we determined that it was likely that this one would work.
So, I tried and it worked perfectly, as long as you remember to include the intermediate certificate in the install process.
I don’t know the site you are referring to, but it looks like it is the RapidSSL wildcard certificate type.
Without guaranties, I would believe this to work.
Claus Lavendt
For those new to this, take the comments that you should use a certificate authority tested with Filemaker. My IT group used an internal signing tool and it did not work. Got a cert from GoDaddy and it worked. This is not what I expected. I thought certs would be standard, and any cert would work.
Another note. If you are running the admin console remotely (which is the point right?), importing the certificate is not straightforward. You cannot click Private key file and select the private key because the admin console accesses files on your local mac/pc. So you cannot import the private key which was left on the server (when you did “create request”. The admin console provides NO help finding or downloading the Private Key file. The easiest way is to start the admin console on the server using some form of windowed server like Microsoft Remote desktop (except you need to get the other two files there). Then you just need to know the magic directory (in the video) where the Private Key is stored. That directory is under the Filemaker server install directory, in sub-directory CStore (C:\Program Files\FileMaker\FileMaker Server\CStore in MS server). You can access it there directly in the admin console if you have admin console from the server itself. If you run the console remotely, you will have to manually copy the Private key from the server to your client that is running the remote console, so you can import it. This seems like a slight over-sight on the part of filemaker. They could provide a download option like they do for the cert request, or at import time they should get the private file where they left it on the server (this is much better, private keys should not be floated around.
Hi Mark
In the video, I do say that you should install the certificate on the server itself, in order to select the private key.
While I am not in charge of how FileMaker create their products, it would be a security concern to allow download of a private key from the server. That is probably why you can’t do that.
On the other hand, since the private key is located in the CStore folder, it should not be required to select the private key as the UAC should be able to tell it’s location.
Please feel free to make these suggestions to FileMaker Inc. on the community forum.
On the note of supported certificates, I do expressively say that you need to check supported certificates on FileMaker website.
Unfortunately, there is many types of certificates out there and a software vendor can’t support every single one. Agree that it would be nice if there only was one option, but that will not likely happen. I would not expect FileMaker Inc. to support every single type out there as that would require way too much engineering efforts on this particular area instead of creating an even better platform.
Hope this tool and video did help you in the process.