daknetworks.com

You are here: Blog FileMaker Server Install Certificate

FileMaker Server Install Certificate

Client has a FileMaker Server installed at a datacenter. They need the certificate installed and working.

Generate a CSR

  • -open FILEMAKER SERVER.
  • -click DATABASE-SERVER > SECURITY.
  • -click CREATE-REQUEST.
  • -create a password by typing it in.
  • -when you do, a CSR file (certificate request) and a PRIVATE-KEY will be generated.
  • -the files are automatically kept here: C:\Program Files\FileMaker\FileMaker Server\CStore
  • -the CRS is called ServerRequest.pem
  • -this is just a text file. Open the file with NOTEPAD or TEXTEDIT or EDITPAD or NOTEPAD++ (not WORD).

Create a Signed Certificate

  • -take the contents of the CSR and give them to your SSL provider (GoDaddy, RapidSSL, Comodo, etc).
  • -once submitted, that will generate a signed certificate.
  • -it will also give you an intermediary certificate or chain certificate.

Gathering All the Certificates

  • -create a folder on the desktop of the FileMaker Server.
  • -create a new text file in the folder.
  • -copy the contents of the signed certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file.
  • -rename the file your.filemaker.domain.tld.crt
  • -create another new text file in the folder.
  • -copy the contents of the SHA-1 Root certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file.
  • -copy the contents of the intermediary certificate from your SSL provider (GoDaddy, RapidSSL, Comodo, etc) and paste them into the text file directly under the root certificate.
  • -so the file should look like this:

=================

-----BEGIN CERTIFICATE-----
root-certificate-here-blah-blah-blah
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediary-certificate-here-blah-blah-blah
-----END CERTIFICATE-----

=================

  • -rename the file chain.crt
  • -copy the file C:\Program Files\FileMaker\FileMaker Server\CStore\serverKey.pem to this folder as well.
  • -so the folder has 3 files:
    • 1-your.filemaker.domain.tld.crt
    • 2-chain.crt
    • 3-serverKey.pem

Install the Certificate on FileMaker Server

  • -click DATABASE-SERVER > SECURITY.
  • -click IMPORT CERTIFICATE.
  • -for SIGNED-CERTIFICATE choose the file your.filemaker.domain.tld.crt
  • -for PRIVATE-KEY choose the file serverKey.pem
  • -for INTERMEDIATE-CERTIFICATE choose the file chain.crt
  • -for password, type in the password create during the CRS in the first step.
  • -click IMPORT.
  • -restart the service (or restart the server).

That should do it! You're awesome! You now have a green lock in the FileMaker Pro clients running around the country and everyone is happy.

NOTES

What makes this difficult is the terminology and the different certificate types and extensions (crt, cer, pem, p7s, etc). Naturally, I think most people try to use CER files by mistake.

Also the Intermediate certificate is a pain since sometime it is needed but not provided. When it is provided, they expect you to know what to do with it.

Lastly, sometimes they provide 2 Intermediate certificate along with their root-certificates and they expect you to know which one to use. Hint, use SHA-1-root with FM Server v16.

Here are the intermediate certificates for RAPIDSSL:

https://knowledge.digicert.com/generalinformation/INFO1548.html#links

  • -find ROOT
  • -click DOWNLOAD
  • -it will show the root-certficate.
  • -put this at the top of the chain.crt (which has nothing other than this pasted text).
  • -find INTERMEDIATE CA
  • -click DOWNLOAD
  • -it will show the intermediate-certficate.
  • -put this in the same file but under the root certificate.
  • -save the file as chain.crt

Contact Dak Networks

Please contact us at the following.