[FX.php List] [OFF] FMS13 & SSL?

Joel Shapiro mail at jsfmp.com
Tue Jul 15 15:57:12 MDT 2014


Darn that Go!

Thanks for the extra info.  Interesting thought about the 2-machine config.  Seems some have had problems using the command-line installation on 2-machine configs:
http://fmforums.com/forum/topic/90722-ssl-certificate-installation/

And FWIW here's the doc w/ SSL install instructions (Appendix D):
http://www.filemaker.com/nl/support/docs/downloads/security_guide_13_en.pdf

Best,
-Joel


On Jul 15, 2014, at 2:42 PM, Steve Winter <steve at bluecrocodile.co.nz> wrote:

> Also worth mentioning is that the small list of SSL providers and types is because the same cert is used for connections between FMS and the web and FMS and FMP/FMGo and it's because of the route certs in Go that you can only use those providers...
> 
> However if as in your case you have a two machine install then it may be possible that you could install a non-approved provider cert in the web machine (i.e a cheaper one) and then have your web connections secured with a 'real' certificate, leaving the FMI self-signed one in place on the primary server for Pro/Go connections.
> 
> YMMV
> Steve
> 
> Sent from the iPhone of Steve Winter
> Matatiro Solutions
> steve at matatirosolutions.co.uk
> +44 777 852 4776
> 
>> On 15 Jul 2014, at 22:33, Steve Winter <steve at bluecrocodile.co.nz> wrote:
>> 
>> Howdy
>> 
>> Yes it can, and yes it does, because the FMS install establishes its own instance of the httpd service (which IIS also uses) installs its own SSL cert into that, and takes over the task of serving data through port 443 on that machine.
>> 
>> You can install your own certificate so long as it's issued by one of a small set of SSL certificate providers, using the fmsadmin command line tool. On a train at the mo, so can't find references, but google and/or the FMS docs can provide details.
>> 
>> Cheers
>> Steve
>> 
>> Sent from the iPhone of Steve Winter
>> Matatiro Solutions
>> steve at matatirosolutions.co.uk
>> +44 777 852 4776
>> 
>>> On 15 Jul 2014, at 21:58, Joel Shapiro <mail at jsfmp.com> wrote:
>>> 
>>> Hi all
>>> 
>>> It seems FMS13 comes w/ a default SSL certificate, such that hitting an FMS13 site on https can bring up an "untrusted connection/invalid certificate" warning.  ("The certificate is only valid for FMI Certificate Authority...")  I've seen this on two different servers now -- both Windows.
>>> 
>>> My question:
>>> Is it possible that this FMI cert could override an existing cert?  I've got a client who's setting up FMS13 now (2-machine).  Their tech dept said they'd installed an SSL cert on the web server but we didn't test it before installing FMS.  Now when we go to https we get the FMI "invalid certificate" warning.  The tech dept isn't the friendliest, so we're trying to check if the FMS install could have overwritten the existing cert -- or if this means that there was never one before FMS.
>>> 
>>> Does anybody know?
>>> 
>>> TIA,
>>> -Joel
>>> 
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>> 
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list