FileMaker Server Install CertificateClient has a FileMaker Server installed at a datacenter. They need the certificate installed and working.
Generate a CSR
- -open FILEMAKER SERVER.
- -click DATABASE-SERVER > SECURITY.
- -click CREATE-REQUEST.
- -create a password by typing it in.
- -when you do, a CSR file (certificate request) and a PRIVATE-KEY will be generated.
- -the files are automatically kept here: C:\Program Files\FileMaker\FileMaker Server\CStore
- -the CRS is called ServerRequest.pem
- -this is just a text file. Open the file with NOTEPAD or TEXTEDIT or EDITPAD or NOTEPAD++ (not WORD).
Create a Signed Certificate
- -take the contents of the CSR and give them to your SSL provider (GoDaddy, RapidSSL, Comodo, etc).
- -once submitted, that will generate a signed certificate.
- -it will also give you an intermediary certificate or chain certificate.
Gathering All the Certificates
- -create a folder on the desktop of the FileMaker Server.
- -create a new text file in the folder.
- -copy the contents of the signed certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file.
- -rename the file your.filemaker.domain.tld.crt
- -create another new text file in the folder.
- -copy the contents of the SHA-1 Root certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file.
- -copy the contents of the intermediary certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file directly under the root certificate.
- -so the file should look like this:
=================
-----BEGIN CERTIFICATE-----
root-certificate-here-blah-blah-blah
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediary-certificate-here-blah-blah-blah
-----END CERTIFICATE-----
=================
- -rename the file chain.crt
- -copy the file C:\Program Files\FileMaker\FileMaker Server\CStore\serverKey.pem to this folder as well.
- -so the folder has 3 files:
- 1-your.filemaker.domain.tld.crt
- 2-chain.crt
- 3-serverKey.pem
Install the Certificate on FileMaker Server
- -click DATABASE-SERVER > SECURITY.
- -click IMPORT CERTIFICATE.
- -for SIGNED-CERTIFICATE choose the file your.filemaker.domain.tld.crt
- -for PRIVATE-KEY choose the file serverKey.pem
- -for INTERMEDIATE-CERTIFICATE choose the file chain.crt
- -for password, type in the password create during the CRS in the first step.
- -click IMPORT.
- -restart the service (or restart the server).
That should do it! You're awesome! You now have a green lock in the FileMaker Pro clients running around the country and everyone is happy.
Test the certificate: echo GET | openssl s_client -connect yourwebnameserver.tld:5003
NOTES
What makes this difficult is the terminology and the different certificate types and extensions (crt, cer, pem, p7s, etc). Naturally, I think most people try to use CER files by mistake.
Also the Intermediate certificate is a pain since sometime it is needed but not provided. When it is provided, they expect you to know what to do with it.
Lastly, sometimes they provide 2 Intermediate certificate along with their root-certificates and they expect you to know which one to use. Hint, use SHA-1-root with FM Server v16.
Here are the intermediate certificates for RAPIDSSL:
https://knowledge.digicert.com/generalinformation/INFO1548.html#links
- -find ROOT
- -click DOWNLOAD
- -it will show the root-certficate.
- -put this at the top of the chain.crt (which has nothing other than this pasted text).
- -find INTERMEDIATE CA
- -click DOWNLOAD
- -it will show the intermediate-certficate.
- -put this in the same file but under the root certificate.
- -save the file as chain.crt