Use the Deployment assistant on a worker machine to install a signed SSL certificate or to connect a worker machine to a master machine.
1. Start the Deployment assistant on the worker machine. See Starting the Deployment assistant on a worker machine.
2. Click Import Certificate.
•For Signed Certificate File, click Browse and choose the SSL certificate file that you received from the certificate authority (CA).
•For Private Key File, click Browse and choose the private key file (serverKey.pem) created in the CStore directory when you created the certificate signing request (CSR). See Creating a certificate signing request.
If you use a different method to create the CSR—for example, using a CA's website—then choose the private key file you obtained through that method.
•If your custom SSL certificate requires an intermediate certificate file, for Intermediate Certificate File, click Browse and choose the intermediate certificate file. If you get a CA certificate bundle from your CA, you can use this file as the intermediate certificate file.
•For Private Key Password, enter the password used for your private key file when you created the file.
3. Click Import to import the signed certificate.
4. If you need to import a different certificate, click Start Over and delete the existing certificate and private key files.
5. Restart the worker machine for the new certificate to take effect.
Note Certificate filenames should not include unsupported characters. For example, a certificate filename should not include an asterisk (*) character.
1. Start the Deployment assistant on the worker machine. See Starting the Deployment assistant on a worker machine.
2. For Connection Setup, enter:
•the master machine's host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the master machine.
•the worker machine's host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the worker machine.
•the server administrator user name and password that you use to log in to Admin Console on the master machine
3. Click Add to Master to connect the worker machine to the master machine.
When you see a message that the worker is successfully connected, then worker has been added to the master machine. You can verify the connection on the Connectors > Web Publishing tab.
•When you import a custom SSL certificate, Database Server client connections use SSL and HTTP connections are routed to HTTPS. If you do not import a custom SSL certificate, SSL is not used for database connections and the HTTP Strict Transport Security (HSTS) feature is disabled.
•To remove an imported certificate, use the CLI command fmsadmin certificate delete
, and restart FileMaker Server for the change to take effect. See Using the command line interface for the certificate command.
•If you are using the FileMaker default certificate or a certificate that does not verify the server's host name, you may see an error message. To allow the unverified certificate, select Connect using the unverified certificate and click Add to Master again.
•If you receive an error saying that the connection timed out, verify that the worker machine has network access to the master machine.
•You cannot change the Automatically start Web Publishing Engine setting (described in Startup settings) for the worker machines. The Web Publishing Engine will always automatically start when the worker machine restarts.
•If you change the host name on the master machine, you need to disconnect all worker machines, then reconnect the worker machines using the new host name.
•To change the host name of a worker machine: first remove it from the master machine, then change the host name, then reconnect it to the master machine.
•If a worker machine is connected to the master machine using an IP address, then redirects to the master machine will use an IP address. If a worker machine is connected to the master machine using a fully qualified host name, then redirects to the master machine will use a fully qualified host name.
•If a FileMaker WebDirect solution uses the Print, Print Setup and Save Records as PDF script steps, all required fonts must be installed on the master machine and on the worker machines.