Creating an SSL certificate for FileMaker Server 15

Creating a new custom SSL certificate for FileMaker Server

All machines running FileMaker Server should have their own custom SSL certificate. To obtain a new certificate or replace an expired certificate, follow the process separately for each server, including both servers in a two-machine deployment plus the Standby server.

1. Obtain a Fully Qualified Domain Name (FQDN).A server’s SSL certificate should be based on that machine’s Fully Qualified Domain Name (FQDN), for example, “myhost.mydomain.com”.

2.    Generate a Certificate Signing Request (CSR).

FileMaker 15 introduced support for creating CSRs via the Admin Console.

 i.     Go to Database Server > Security

ii.     Enable "Use SSL for database connections"

iii.     Click "Create Request" and follow the on screen instructions. NOTE: This will be in a .pem format. Open the file in a text editor to copy and paste the CSR.

The Private Key is stored in /Library/FileMaker\ Server/CStore/serverKey.pem

3. Purchase a SSL certificate from a Certificate Authority (CA).

4. Import the certificate into FileMaker Server.
      • FileMaker 15 introduced support for importing certificates via the Admin Console.
      • Go to Database Server > Security
      • Enable "Use SSL for database connections"
      • Click "Import certificate" and follow the on-screen instructions.

5. Enable SSL in FileMaker Server
    In Admin Console, go to Database Server > Security and enable “Use SSL for database connections”.

6. Restart FileMaker Server

7. Test the connection

a. Database Server: Use FileMaker Pro to connect to a hosted file and check the security lock icons in the bottom-left corner of the window.

b. Web Server: Connect to your FQDN over https (https://) in a browser and check the security lock icon in the address bar.