Filemaker Server on Mac OS X

Is it possible to get a certificate and install it on a Mac OS X machine (for example 10.10) which is running Filemaker Server? It is not an “OSX-Server” (this is not necessary for running Filemaker Server).
I am not a Unix expert on Terminal and such things.

I guess Filemaker Server will work only with CAs for which Filemaker Inc. put the root certs into the app. I think Filemaker Server does not use the Mac OS X keychain for the certs.

We’ve recently posted instructions for using Let’s Encrypt certificates with FileMaker Server on Mac.

Hi. I read the above with interest. I'm in the process of helping someone with getting FMS 18 running in a VM with an LE cert. From my understanding LE provides a DV certificate, right? To run FMS at all, isn't there an OV cert required? I'm not an FMS expert.

There aren't any particular cert requirements for SSL certificates with FMS. LE certificates are just fine. It's technically possible to run FMS without a valid cert, or without a certificate at all and to have all of your traffic unencrypted, but I wouldn't recommend it.

5 Likes

My colleague reports back that he is asked to open (and this is in German now):

My understanding is that he should use

cert.pem
privkey.pem
chain.pem (?)

Please read "Does Let’s Encrypt issue certificates for anything other than SSL/TLS for websites?" The short answer is YES.

And read this too: "Let’s Encrypt offers Domain Validation (DV) certificates."

3 Likes

That would be the screen for if you're trying to import the certificates manually. LE certs can be imported through there if you already have them, just like any other certificates, but I (and LE) would recommend automating the process through something like a shell script so that you don't have to go through that dialog every few months.

3 Likes

Yes, I understand. And there is also a solution suggested in another link I found here (cited by you, @Smef , a couple of messages above).

For now the manual entry is just to verify functionality.

And the server has to have the FQDN that the certificate serves for, right?

Mostly yes, as Let's Encrypt also issues certificates containing wildcard domain names.

2 Likes

Yes, for the certificate to be considered valid the FQDN must match the certificate.

1 Like
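
The name-matching rule from the replies above, as an added example that is not part of the original thread: it checks a server FQDN against a certificate's DNS names, with a wildcard accepted only as the whole left-most label and covering exactly one label (stricter than some clients). The function names and the sample name lists are constructed for illustration.

```python
# Added example (not from the thread): does a certificate's list of DNS
# names cover the FQDN that clients use to reach the server?

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, fqdn):
    """True if one certificate DNS name (pattern) covers fqdn."""
    p, h = _labels(pattern), _labels(fqdn)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard only as the complete left-most label, and only when
        # at least two further labels follow ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    # Any other use of "*" (e.g. "f*.example.com") is refused here.
    return "*" not in pattern and p == h

def cert_covers(san_dns_names, fqdn):
    """True if any DNS name in the certificate covers fqdn."""
    return any(name_matches(n, fqdn) for n in san_dns_names)

# Constructed sample data: name lists as two certificates might carry them.
SINGLE_NAME_CERT = ["fms.example.com"]
WILDCARD_CERT = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for fqdn in ["fms.example.com", "FMS.Example.com.", "db.example.com",
                 "a.fms.example.com", "example.com"]:
        print(f"{fqdn:22} single={cert_covers(SINGLE_NAME_CERT, fqdn)!s:5} "
              f"wildcard={cert_covers(WILDCARD_CERT, fqdn)}")
```

A wildcard certificate does not cover the bare domain or names two levels down, which is why the constructed wildcard list also carries `example.com` as a separate entry.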

If this means OSX 10.10, that is quite old and not natively supported. See: Certificate Compatibility - Let's Encrypt

To patch in support, you will need to do the following:

  1. Install the current Trusted Root Certificate for ISRG X1 - see: Chain of Trust - Let's Encrypt
  2. Delete the installed and expired "DST Root CA X3" certificate

You should do that for BOTH the OSX Root store (I believe you can use keychain access) and the openssl root stores (edit a file on the command line).

3 Likes