[FX.php List] [OFF] FMS13 & SSL?

Joel Shapiro mail at jsfmp.com
Tue Jul 15 21:22:21 MDT 2014


Hi Chris

Thanks for the reply.

My understanding is that the changes that came w/ FMS13 made it hard/impossible to host different domains on one server, so setting up FMS as a one-machine config and then using a separate non-FM web server, pointing to the FMS server, was a way to get around that -- just like hosting a CWP site on a godaddy server and pointing to some FMS elsewhere.  But I'd imagine there must be some performance loss by not having the WPE on the second server -- as in a "real" two-machine config -- so if you've got the two machines and don't need to host multiple sites, it seems you wouldn't want to use that setup.  Or don't I understand correctly?

FWIW: The tech dept in my situation just had to edit the website binding and the originally installed SSL cert is working again.  (I'm going to try to get more details from them)

Best,
-Joel


On Jul 15, 2014, at 5:04 PM, Chris Hansen <chris at iViking.org> wrote:

> Also, keep in mind the "non-traditional" 2-machine install that Bob Patin (correct me if I'm wrong, Bob) has been using. Namely, a dedicated web server machine, and an "all FileMaker stuff" machine.  Used that way, you could use whatever cert you want on the web server.  You can set up the cURL used by FX.php to ignore the cert warnings (if it doesn't already), and no worries about a user seeing one, as they'd only be connecting via the cert on the web server.
> 
> Just a thought...  Hopefully it's at least somewhat useful to someone =)
> 
> Best,
> 
> --Chris
> 
> On Jul 15, 2014, at 3:57 PM, Joel Shapiro <mail at jsfmp.com> wrote:
> 
>> Darn that Go!
>> 
>> Thanks for the extra info.  Interesting thought about the 2-machine config.  Seems some have had problems using the command-line installation on 2-machine configs:
>> http://fmforums.com/forum/topic/90722-ssl-certificate-installation/
>> 
>> And FWIW here's the doc w/ SSL install instructions (Appendix D):
>> http://www.filemaker.com/nl/support/docs/downloads/security_guide_13_en.pdf
>> 
>> Best,
>> -Joel
>> 
>> 
>> On Jul 15, 2014, at 2:42 PM, Steve Winter <steve at bluecrocodile.co.nz> wrote:
>> 
>>> Also worth mentioning is that the small list of SSL providers and types is because the same cert is used for connections between FMS and the web and FMS and FMP/FMGo and it's because of the route certs in Go that you can only use those providers...
>>> 
>>> However if as in your case you have a two machine install then it may be possible that you could install a non-approved provider cert in the web machine (i.e a cheaper one) and then have your web connections secured with a 'real' certificate, leaving the FMI self-signed one in place on the primary server for Pro/Go connections.
>>> 
>>> YMMV
>>> Steve
>>> 
>>> Sent from the iPhone of Steve Winter
>>> Matatiro Solutions
>>> steve at matatirosolutions.co.uk
>>> +44 777 852 4776
>>> 
>>>> On 15 Jul 2014, at 22:33, Steve Winter <steve at bluecrocodile.co.nz> wrote:
>>>> 
>>>> Howdy
>>>> 
>>>> Yes it can, and yes it does, because the FMS install establishes its own instance of the httpd service (which IIS also uses) installs its own SSL cert into that, and takes over the task of serving data through port 443 on that machine.
>>>> 
>>>> You can install your own certificate so long as it's issued by one of a small set of SSL certificate providers, using the fmsadmin command line tool. On a train at the mo, so can't find references, but google and/or the FMS docs can provide details.
>>>> 
>>>> Cheers
>>>> Steve
>>>> 
>>>> Sent from the iPhone of Steve Winter
>>>> Matatiro Solutions
>>>> steve at matatirosolutions.co.uk
>>>> +44 777 852 4776
>>>> 
>>>>> On 15 Jul 2014, at 21:58, Joel Shapiro <mail at jsfmp.com> wrote:
>>>>> 
>>>>> Hi all
>>>>> 
>>>>> It seems FMS13 comes w/ a default SSL certificate, such that hitting an FMS13 site on https can bring up an "untrusted connection/invalid certificate" warning.  ("The certificate is only valid for FMI Certificate Authority...")  I've seen this on two different servers now -- both Windows.
>>>>> 
>>>>> My question:
>>>>> Is it possible that this FMI cert could override an existing cert?  I've got a client who's setting up FMS13 now (2-machine).  Their tech dept said they'd installed an SSL cert on the web server but we didn't test it before installing FMS.  Now when we go to https we get the FMI "invalid certificate" warning.  The tech dept isn't the friendliest, so we're trying to check if the FMS install could have overwritten the existing cert -- or if this means that there was never one before FMS.
>>>>> 
>>>>> Does anybody know?
>>>>> 
>>>>> TIA,
>>>>> -Joel
>>>>> 
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>> 
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>> 
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>> 
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>> 
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list