Using the Deployment assistant on a secondary machine

Use the Deployment assistant on a secondary machine to install a signed SSL certificate or to connect a secondary machine to a primary machine.

To install a signed SSL certificate on a secondary machine:

  1. Start the Deployment assistant on the secondary machine. See Starting the Deployment assistant on a secondary machine.

  2. Click Import Certificate.

    • For Signed Certificate File, click Browse and choose the SSL certificate file that you received from the certificate authority (CA).

    • For Private Key File, click Browse and choose the private key file (serverKey.pem) created in the CStore directory when you created the certificate signing request (CSR). See Creating a certificate signing request.

      If you use a different method to create the CSR—for example, using a CA’s website—then choose the private key file you obtained through that method.

    • If your custom SSL certificate requires an intermediate certificate file, for Intermediate Certificate File, click Browse and choose the intermediate certificate file. If you get a CA certificate bundle from your CA, you can use this file as the intermediate certificate file.

    • For Private Key Password, enter the password used for your private key file when you created the file.

  3. Click Import to import the signed certificate.

  4. If you need to import a different certificate, click Start Over and delete the existing certificate and private key files.

  5. Restart the secondary machine for the new certificate to take effect.

Note  Certificate file names should not include unsupported characters. For example, a certificate filename should not include an asterisk (*) character.

To connect a secondary machine to a primary machine:

  1. Start the Deployment assistant on the secondary machine. See Starting the Deployment assistant on a secondary machine.

  2. For Connection Setup, enter:

    • the primary machine’s host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the primary machine.

    • the secondary machine’s host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the secondary machine.

    • the server administrator user name and password that you use to log in to Admin Console on the primary machine.

  3. Click Add to Primary to connect the secondary machine to the primary machine.

    When you see a message that the secondary is successfully connected, then secondary has been added to the primary machine. You can verify the connection on the Connectors > Web Publishing tab.

Notes 

  • When you import a custom SSL certificate, Database Server client connections use SSL and HTTP connections are routed to HTTPS. If you do not import a custom SSL certificate, SSL is not used for database connections and the HTTP Strict Transport Security (HSTS) feature is disabled.

  • To remove an imported certificate, use the CLI command fmsadmin certificate delete, and restart FileMaker Server for the change to take effect. See Using the command line interface for the certificate command.

  • If you are using the FileMaker default certificate or a certificate that does not verify the server’s host name, you may see an error message. To allow the unverified certificate, select Connect using the unverified certificate and click Add to Primary again.

  • If you receive an error saying that the connection timed out, verify that the secondary machine has network access to the primary machine.

  • You cannot change the Automatically start Web Publishing Engine setting (described in Startup settings) for the secondary machines. The Web Publishing Engine will always automatically start when the secondary machine restarts.

  • If you change the host name on the primary machine, you need to disconnect all secondary machines, then reconnect the secondary machines using the new host name.

  • To change the host name of a secondary machine: first remove it from the primary machine, then change the host name, then reconnect it to the primary machine.

  • If a secondary machine is connected to the primary machine using an IP address, then redirects to the primary machine will use an IP address. If a secondary machine is connected to the primary machine using a fully qualified host name, then redirects to the primary machine will use a fully qualified host name.

  • If a FileMaker WebDirect solution uses the Print, Print Setup and Save Records as PDF script steps, all required fonts must be installed on the primary machine and on the secondary machines.