Creating a new custom SSL certificate for FileMaker Server
All machines running FileMaker Server should have their own custom SSL certificate. To obtain a new certificate or replace an expired certificate, follow the process separately for each server, including both servers in a two-machine deployment plus the Standby server.
1. Obtain a Fully Qualified Domain Name (FQDN).A server’s SSL certificate should be based on that machine’s Fully Qualified Domain Name (FQDN), for example, “myhost.mydomain.com”.
2. Generate a Certificate Signing Request (CSR).
FileMaker 15 introduced support for creating CSRs via the Admin Console.
i. Go to Database Server > Security
ii. Enable "Use SSL for database connections"
iii. Click "Create Request" and follow the on screen instructions. NOTE: This will be in a .pem format. Open the file in a text editor to copy and paste the CSR.
The Private Key is stored in /Library/FileMaker\ Server/CStore/serverKey.pem
3. Purchase a SSL certificate from a Certificate Authority (CA).
4. Import the certificate into FileMaker Server.
• FileMaker 15 introduced support for importing certificates via the Admin Console.
• Go to Database Server > Security
• Enable "Use SSL for database connections"
• Click "Import certificate" and follow the on-screen instructions.
5. Enable SSL in FileMaker Server
In Admin Console, go to Database Server > Security and enable “Use SSL for database connections”.
6. Restart FileMaker Server
7. Test the connection
a. Database Server: Use FileMaker Pro to connect to a hosted file and check the security lock icons in the bottom-left corner of the window.
b. Web Server: Connect to your FQDN over https (https://) in a browser and check the security lock icon in the address bar.