Chat With Us
We are here for you!
Talk to a fellow human.
If security is important to your operations, all machines running FileMaker Server should have a custom SSL certificate. The standard FileMaker SSL certificate installed by default is available for test purposes only. Follow the process in this article to obtain a new certificate or replace an expired certificate.
Purchase a Fully Qualified Domain Name (FQDN)
Your Fully Qualified Domain Name (FQDN) is the public-facing address that you would like to use to access FileMaker Server. To obtain a FQDN, you must register your unique domain name with a DNS registrar who keeps the domain in sync with your server's IP address. Please keep the following points in mind:
Create a CSR for the domain name
A create a certificate signing request (CSR) is a hash file containing information about your domain, including the domain name, company, etc. When purchasing a SSL certificate, the CSR tells the Certificate Authority what domain to issue the certificate for.
To create a CSR:
This will create the following files in /FileMaker Server/CStore/ :
Multi-machine deployments: Go to each machine in the deployment and run the commands to create a CSR for each machine.
Purchase a SSL certificate
Multi-machine deployments: Use each machines CSR to purchase a separate certificate for each machine.
Import the certificate into FileMaker Server
After the purchase, you will recieve an email from the CA containing your server certificate (matching your domain name) and additional intermediate certificates. Only the server certificate needs to be imported. The certificate should be in Base64 PEM format. Common extensions are .pem, .crt, or .cer.
To import the certificate:
Multi-machine deployments: Run these commands on each machine in the deployment to import each matching certificate, then restart FileMaker Server on all machines.
Test the SSL certificate
After importing the certificate, a file named serverCustom.pem should be created in /FileMaker Server/CStore. This is your servers custom SSL certificate.