How to get rid of FileMaker default certificate

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

How to get rid of FileMaker default certificate

Bob Patin
OK, so in my ongoing saga of trying to get this machine working for my client, I’ve done the following:

FMS 15 w/update

Installed GoDaddy SSL certificate which shows up properly in FMPA 16 when I connect

When I try to hit a web page, which is stored in FileMaker Server/httpdocs/htdocs

the server invokes the FileMaker default certificate, so here is my question:

HOW do I get rid of the default cert?

Thanks,

Bob Patin
Longterm Solutions
[hidden email]
615-333-6858
FileMaker 9, 10, 11, 12 & 13 Certified Developer
http://www.longtermsolutions.com
-
iChat: [hidden email]
Twitter: bobpatin

FileMaker Consulting
FileMaker Hosting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting


_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get rid of FileMaker default certificate

Jimmy D. Jones
Bob,

I think you are using a two machine configuration.(?) Here its what I found. See Knowledge base article 14176,

http://help.filemaker.com/app/answers/detail/a_id/14176/

> Multi-machine deployments: Import the certificate onto the worker machine
>
> • Copy the following files from the master machine to any directory on the worker machine:
> • server certificate:  yourDomainName.crt  provided by the CA
> • intermediate certificate: chain.pem created above
> • private key file: serverKey.pem located in /FileMaker Server/CStore/
> • Import the same certificate on the worker machine via command prompt:
> • macOS: Open Terminal and run the command:
> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
> • Windows: Open Command Prompt (cmd) as an administrator and run the commands:
> cd “C:\Program Files\FileMaker\FileMaker Server\Database Server”
> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
> • Restart all machines in the deployment.
>
> Test the SSL certificate
>
> After importing the certificate, a file named serverCustom.pem should be created in /FileMaker Server/CStore. This is your server’s custom SSL certificate.
>
> • Database Server test: Use FileMaker Pro to connect to a hosted file and check the security lock icons in the bottom-left corner of the window.
> • Web Server test: Connect to the FQDN of your web server over https (https://<fqdn>) in a browser and check the security lock icon in the address bar.


___________
Jimmy Jones
FileMaker 14 Certified Developer
FileMaker, Inc. - an Apple subsidiary
5201 Patrick Henry Drive
Santa Clara, CA 95054, USA
408-987-3963
[hidden email]
For issues with internal systems, please email: [hidden email]

This email and any attachments may be privileged and may contain confidential information intended only for the recipient(s) named above. Any other distribution, forwarding, copying or disclosure of this message is strictly prohibited. If you have received this email in error, please notify me immediately by telephone or return email, and delete this message from your system.



> On May 15, 2017, at 12:17 PM, Bob Patin <[hidden email]> wrote:
>
> OK, so in my ongoing saga of trying to get this machine working for my client, I’ve done the following:
>
> FMS 15 w/update
>
> Installed GoDaddy SSL certificate which shows up properly in FMPA 16 when I connect
>
> When I try to hit a web page, which is stored in FileMaker Server/httpdocs/htdocs
>
> the server invokes the FileMaker default certificate, so here is my question:
>
> HOW do I get rid of the default cert?
>
> Thanks,
>
> Bob Patin
> Longterm Solutions
> [hidden email]
> 615-333-6858
> FileMaker 9, 10, 11, 12 & 13 Certified Developer
> http://www.longtermsolutions.com
> -
> iChat: [hidden email]
> Twitter: bobpatin
> —
> FileMaker Consulting
> FileMaker Hosting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>
>
> _______________________________________________
> FMPexperts mailing list
> [hidden email]
> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au

_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get rid of FileMaker default certificate

Bob Patin
Hi Jimmy,

Thanks so much for responding; this deployment is driving me batty. :)

No, it’s a one-machine config; the client is using RestFM, which resides inside the FileMaker Server/HTTPServer/htdocs folder.

The problem is, even though the SSL cert is installed properly in FileMaker Server, and gets loaded properly if you open a database remotely, it doesn’t get used if you hit one of the pages that are stored in “htdocs.”

So my thought was that if I could delete the default cert, it might start using the custom certificate.

The question is this: is it possible to delete the default cert  and if so, where is it stored?

Thanks,

Bob Patin
Longterm Solutions
[hidden email]
615-333-6858
FileMaker 9, 10, 11, 12 & 13 Certified Developer
http://www.longtermsolutions.com
-
iChat: [hidden email]
Twitter: bobpatin

FileMaker Consulting
FileMaker Hosting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting


> On May 15, 2017, at 6:28 PM, Jimmy D. Jones <[hidden email]> wrote:
>
> Bob,
>
> I think you are using a two machine configuration.(?) Here its what I found. See Knowledge base article 14176,
>
> http://help.filemaker.com/app/answers/detail/a_id/14176/
>
>> Multi-machine deployments: Import the certificate onto the worker machine
>>
>> • Copy the following files from the master machine to any directory on the worker machine:
>> • server certificate:  yourDomainName.crt  provided by the CA
>> • intermediate certificate: chain.pem created above
>> • private key file: serverKey.pem located in /FileMaker Server/CStore/
>> • Import the same certificate on the worker machine via command prompt:
>> • macOS: Open Terminal and run the command:
>> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
>> • Windows: Open Command Prompt (cmd) as an administrator and run the commands:
>> cd “C:\Program Files\FileMaker\FileMaker Server\Database Server”
>> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
>> • Restart all machines in the deployment.
>>
>> Test the SSL certificate
>>
>> After importing the certificate, a file named serverCustom.pem should be created in /FileMaker Server/CStore. This is your server’s custom SSL certificate.
>>
>> • Database Server test: Use FileMaker Pro to connect to a hosted file and check the security lock icons in the bottom-left corner of the window.
>> • Web Server test: Connect to the FQDN of your web server over https (https://<fqdn>) in a browser and check the security lock icon in the address bar.
>
>
> ___________
> Jimmy Jones
> FileMaker 14 Certified Developer
> FileMaker, Inc. - an Apple subsidiary
> 5201 Patrick Henry Drive
> Santa Clara, CA 95054, USA
> 408-987-3963
> [hidden email]
> For issues with internal systems, please email: [hidden email]
>
> This email and any attachments may be privileged and may contain confidential information intended only for the recipient(s) named above. Any other distribution, forwarding, copying or disclosure of this message is strictly prohibited. If you have received this email in error, please notify me immediately by telephone or return email, and delete this message from your system.
>
>
>
>> On May 15, 2017, at 12:17 PM, Bob Patin <[hidden email]> wrote:
>>
>> OK, so in my ongoing saga of trying to get this machine working for my client, I’ve done the following:
>>
>> FMS 15 w/update
>>
>> Installed GoDaddy SSL certificate which shows up properly in FMPA 16 when I connect
>>
>> When I try to hit a web page, which is stored in FileMaker Server/httpdocs/htdocs
>>
>> the server invokes the FileMaker default certificate, so here is my question:
>>
>> HOW do I get rid of the default cert?
>>
>> Thanks,
>>
>> Bob Patin
>> Longterm Solutions
>> [hidden email]
>> 615-333-6858
>> FileMaker 9, 10, 11, 12 & 13 Certified Developer
>> http://www.longtermsolutions.com
>> -
>> iChat: [hidden email]
>> Twitter: bobpatin
>> —
>> FileMaker Consulting
>> FileMaker Hosting for all versions of FileMaker
>> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>>
>>
>> _______________________________________________
>> FMPexperts mailing list
>> [hidden email]
>> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
>
> _______________________________________________
> FMPexperts mailing list
> [hidden email]
> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au

_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get rid of FileMaker default certificate

Jimmy D. Jones
I'm pretty sure the default cert not being there will either fail startup or fail the connection.

Have you tried the instructions for a two machine install for the WPE?

RESTfm is not an FMI product and it isn't testable by FMS. It's probably a bad idea to use it while testing the SSL cert.
Have you tried WebD or FMPHP? One of the FMS testable technologies.

As you know the connection from a browser to the computer is not the same as the FMP to FMS connection. The SSL cert you installed on FMS15 is for FMS<->FMP connections, not RESTfm. Is it using the FMS installed Apache?

From what I've heard, because I don't install Apache certs - our NCS person does that, the Web cert may not be installed with the FMS 14/15 cert install procedure. Also, the FMS cert doesn't always require the intermediate certs while the Web cert usually does.

On a newer note:
The FMS 16 cert install now requires the intermediate certs as well. And it is installed on the FMS Apache.

___________
Jimmy Jones
FileMaker 14 Certified Developer
FileMaker, Inc. - an Apple subsidiary
5201 Patrick Henry Drive
Santa Clara, CA 95054, USA
408-987-3963
[hidden email]
For issues with internal systems, please email: [hidden email]

This email and any attachments may be privileged and may contain confidential information intended only for the recipient(s) named above. Any other distribution, forwarding, copying or disclosure of this message is strictly prohibited. If you have received this email in error, please notify me immediately by telephone or return email, and delete this message from your system.



> On May 15, 2017, at 4:54 PM, Bob Patin <[hidden email]> wrote:
>
> Hi Jimmy,
>
> Thanks so much for responding; this deployment is driving me batty. :)
>
> No, it’s a one-machine config; the client is using RestFM, which resides inside the FileMaker Server/HTTPServer/htdocs folder.
>
> The problem is, even though the SSL cert is installed properly in FileMaker Server, and gets loaded properly if you open a database remotely, it doesn’t get used if you hit one of the pages that are stored in “htdocs.”
>
> So my thought was that if I could delete the default cert, it might start using the custom certificate.
>
> The question is this: is it possible to delete the default cert  and if so, where is it stored?
>
> Thanks,
>
> Bob Patin
> Longterm Solutions
> [hidden email]
> 615-333-6858
> FileMaker 9, 10, 11, 12 & 13 Certified Developer
> http://www.longtermsolutions.com
> -
> iChat: [hidden email]
> Twitter: bobpatin
> —
> FileMaker Consulting
> FileMaker Hosting for all versions of FileMaker
> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>
>
>> On May 15, 2017, at 6:28 PM, Jimmy D. Jones <[hidden email]> wrote:
>>
>> Bob,
>>
>> I think you are using a two machine configuration.(?) Here its what I found. See Knowledge base article 14176,
>>
>> http://help.filemaker.com/app/answers/detail/a_id/14176/
>>
>>> Multi-machine deployments: Import the certificate onto the worker machine
>>>
>>> • Copy the following files from the master machine to any directory on the worker machine:
>>> • server certificate:  yourDomainName.crt  provided by the CA
>>> • intermediate certificate: chain.pem created above
>>> • private key file: serverKey.pem located in /FileMaker Server/CStore/
>>> • Import the same certificate on the worker machine via command prompt:
>>> • macOS: Open Terminal and run the command:
>>> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
>>> • Windows: Open Command Prompt (cmd) as an administrator and run the commands:
>>> cd “C:\Program Files\FileMaker\FileMaker Server\Database Server”
>>> fmsadmin certificate import <path to server certificate> --keyfile <path to serverKey.pem> --keyfilepass <private key password> --IntermediateCA <path to intermediate certificate>
>>> • Restart all machines in the deployment.
>>>
>>> Test the SSL certificate
>>>
>>> After importing the certificate, a file named serverCustom.pem should be created in /FileMaker Server/CStore. This is your server’s custom SSL certificate.
>>>
>>> • Database Server test: Use FileMaker Pro to connect to a hosted file and check the security lock icons in the bottom-left corner of the window.
>>> • Web Server test: Connect to the FQDN of your web server over https (https://<fqdn>) in a browser and check the security lock icon in the address bar.
>>
>>
>> ___________
>> Jimmy Jones
>> FileMaker 14 Certified Developer
>> FileMaker, Inc. - an Apple subsidiary
>> 5201 Patrick Henry Drive
>> Santa Clara, CA 95054, USA
>> 408-987-3963
>> [hidden email]
>> For issues with internal systems, please email: [hidden email]
>>
>> This email and any attachments may be privileged and may contain confidential information intended only for the recipient(s) named above. Any other distribution, forwarding, copying or disclosure of this message is strictly prohibited. If you have received this email in error, please notify me immediately by telephone or return email, and delete this message from your system.
>>
>>
>>
>>> On May 15, 2017, at 12:17 PM, Bob Patin <[hidden email]> wrote:
>>>
>>> OK, so in my ongoing saga of trying to get this machine working for my client, I’ve done the following:
>>>
>>> FMS 15 w/update
>>>
>>> Installed GoDaddy SSL certificate which shows up properly in FMPA 16 when I connect
>>>
>>> When I try to hit a web page, which is stored in FileMaker Server/httpdocs/htdocs
>>>
>>> the server invokes the FileMaker default certificate, so here is my question:
>>>
>>> HOW do I get rid of the default cert?
>>>
>>> Thanks,
>>>
>>> Bob Patin
>>> Longterm Solutions
>>> [hidden email]
>>> 615-333-6858
>>> FileMaker 9, 10, 11, 12 & 13 Certified Developer
>>> http://www.longtermsolutions.com
>>> -
>>> iChat: [hidden email]
>>> Twitter: bobpatin
>>> —
>>> FileMaker Consulting
>>> FileMaker Hosting for all versions of FileMaker
>>> PHP • Full email services • Free DNS hosting • Colocation • Consulting
>>>
>>>
>>> _______________________________________________
>>> FMPexperts mailing list
>>> [hidden email]
>>> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
>>
>> _______________________________________________
>> FMPexperts mailing list
>> [hidden email]
>> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
>
> _______________________________________________
> FMPexperts mailing list
> [hidden email]
> http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au

_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get rid of FileMaker default certificate

Lyndsay Howarth
Hi Bob,

I had this problem in v15.
I think Chrome had the most useful feedback.
The problem was that when there were http links in the page I was calling as https, the page was seen as insecure.
My links were to Bootstrap CSS so when I changed them all to https... it all worked fine.

Kind Regards
Lyndsay

Sent from my iPad
Lyndsay Howarth
Bachelor of Education (Canberra '87)
[converted Dip.Teach (Goulburn '80)]
Certificate IV in IT [Multimedia] (Sydney '05)

Director
11th Hour Group Pty Ltd (est. 2000)
 - FileMaker Business Alliance (FBA) Member
 - FileMaker Technical Network (FTN) Member
Ph: (02) 6687 5367
http://www.11hrg.com.au
This email and its attachments are 'Commercial-in-confidence' © 2016

> On 16 May 2017, at 10:36 AM, Jimmy D. Jones <[hidden email]> wrote:
>
> I'm pretty sure the default cert not being there will either fail startup or fail the connection.
>
> Have you tried the instructions for a two machine install for the WPE?
>
> RESTfm is not an FMI product and it isn't testable by FMS. It's probably a bad idea to use it while testing the SSL cert.
> Have you tried WebD or FMPHP? One of the FMS testable technologies.
>
> As you know the connection from a browser to the computer is not the same as the FMP to FMS connection. The SSL cert you installed on FMS15 is for FMS<->FMP connections, not RESTfm. Is it using the FMS installed Apache?
>
> From what I've heard, because I don't install Apache certs - our NCS person does that, the Web cert may not be installed with the FMS 14/15 cert install procedure. Also, the FMS cert doesn't always require the intermediate certs while the Web cert usually does.
>
> On a newer note:
> The FMS 16 cert install now requires the intermediate certs as well. And it is installed on the FMS Apache.
>
> ___________
> Jimmy Jones
> FileMaker 14 Certified Developer
> FileMaker, Inc. - an Apple subsidiary
> 5201 Patrick Henry Drive
> Santa Clara, CA 95054, USA
> 408-987-3963
> [hidden email]
> For issues with internal systems, please email: [hidden email]
>
> This email and any attachments may be privileged and may contain confidential information intended only for the recipient(s) named above. Any other distribution, forwarding, copying or disclosure of this message is strictly prohibited. If you have received this email in error, please notify me immediately by telephone or return email, and delete this message from your system.
>
>
>
>> On May 15, 2017, at 4:54 PM, Bob Patin <[hidden email]> wrote:
>>
>> Hi Jimmy,
>>
>> Thanks so much for responding; this deployment is driving me batty. :)
>>
>> No, it’s a one-machine config; the client is using RestFM, which resides inside the FileMaker Server/HTTPServer/htdocs folder.
>>
>> The problem is, even though the SSL cert is installed properly in FileMaker Server, and gets loaded properly if you open a database remotely, it doesn’t get used if you hit one of the pages that are stored in “htdocs.”
>>
>> So my thought was that if I could delete the default cert, it might start using the custom certificate.
>>
>> The question is this: is it possibl
_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to get rid of FileMaker default certificate

Bob Patin
Hi Lyndsay,

We’re testing using a simple link to a HTML page that has no redirects, and isn’t a PHP page with includes or anything… just

https://< <https://domain.com/test.html>domain.com <http://domain.com/>>/test.html <https://domain.com/test.html>

I’ve never configured servers this way; I always run web apps on a separate web server, but because of the client’s specific use case, he needs to use a one-machine configuration.

So… we keep hitting a test page that is in FileMaker Server/HTTPServer/htdocs.

Jimmy,


>> I'm pretty sure the default cert not being there will either fail startup or fail the connection.

I was guessing that as well...
>>
>> Have you tried the instructions for a two machine install for the WPE?

Done tons of 2-machine configs, but for his purposes, the client can’t use a 2-machine config.
>>
>> RESTfm is not an FMI product and it isn't testable by FMS. It's probably a bad idea to use it while testing the SSL cert.

Not using it yet.

>> Have you tried WebD or FMPHP? One of the FMS testable technologies.

At this point we’re just using a simple 2-word test.html page.
>>
>> As you know the connection from a browser to the computer is not the same as the FMP to FMS connection. The SSL cert you installed on FMS15 is for FMS<->FMP connections, not RESTfm. Is it using the FMS installed Apache?

Aha; so if I hear you correctly, it’s NOT going to be invoked for any pages inside "FileMaker Server/HTTPServer/htdocs folder;” is that right?

Thanks so much for your wisdom, both of you guys; this has been a huge hassle trying to get his site working.

Best,

Bob Patin
Longterm Solutions
[hidden email]
615-333-6858
FileMaker 9, 10, 11, 12 & 13 Certified Developer
http://www.longtermsolutions.com
-
iChat: [hidden email]
Twitter: bobpatin

FileMaker Consulting
FileMaker Hosting for all versions of FileMaker
PHP • Full email services • Free DNS hosting • Colocation • Consulting

_______________________________________________
FMPexperts mailing list
[hidden email]
http://lists.ironclad.net.au/listinfo.cgi/fmpexperts-ironclad.net.au
Loading...