Using the secondary machine Admin Console
Use the secondary machine Admin Console to install a signed SSL certificate or to connect a secondary machine to a primary machine.
To install a signed SSL certificate on a secondary machine:
-
Start the secondary machine Admin Console. See Starting the secondary machine Admin Console.
-
Click the Configuration tab.
-
Click Import Custom Certificate.
-
For Signed Certificate File, click Browse and choose the SSL certificate file that you received from the certificate authority (CA).
-
For Private Key File, click Browse and choose the private key file (serverKey.pem) created in the CStore directory when you created the certificate signing request (CSR). See Creating a certificate signing request.
If you use a different method to create the CSR—for example, using a CA's website—then choose the private key file you obtained through that method.
-
If your custom SSL certificate requires an intermediate certificate file, for Intermediate Certificate File, click Browse and choose the intermediate certificate file. If you get a CA certificate bundle from your CA, you can use this file as the intermediate certificate file.
-
For Private Key Password, enter the password used for your private key file when you created the file.
-
-
Click Import to import the signed certificate.
-
If you need to import a different certificate, click Delete Files, then click Delete Files in the popup dialog to confirm deletion to delete the existing certificate and private key files. Then restart the import certificate process.
-
Restart the secondary machine for the new certificate to take effect.
Note Certificate file names should not include unsupported characters. For example, a certificate filename should not include an asterisk (*
) character.
To connect a secondary machine to a primary machine:
-
Start the secondary machine Admin Console. See Starting the secondary machine Admin Console.
-
Click the Connectors tab.
-
For Web Publishing, enter:
-
the primary machine's host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the primary machine.
-
the secondary machine's host name or IP address. If you have a custom SSL certificate installed, when you use a host name, it should be a valid, fully qualified host name as supported by the custom SSL certificate installed on the secondary machine.
-
the server administrator user name and password that you use to log in to Admin Console on the primary machine.
-
-
Click Connect to Primary Machine to connect the secondary machine to the primary machine.
When you see a message that the secondary is successfully connected, then secondary has been added to the primary machine. You can verify the connection on the Connectors > Web Publishing tab on the primary machine Admin Console.
Note If you see the Install JDK button, you must click the button and follow the instructions to install the Java Development Kit (JDK) before you will be able to connect primary and secondary machines.
Notes
-
When you import a custom SSL certificate, Database Server client connections use SSL and HTTP connections are routed to HTTPS. If you do not import a custom SSL certificate, SSL is not used for database connections and the HTTP Strict Transport Security (HSTS) feature is disabled.
-
To remove an imported certificate, use the CLI command
fmsadmin certificate delete
, and restart FileMaker Server for the change to take effect. See Using the command line interface for the certificate command. -
If you receive an error saying that the connection timed out, verify that the secondary machine has network access to the primary machine.
-
You cannot change the Automatically start Web Publishing Engine setting (described in Startup settings) for the secondary machines. The Web Publishing Engine will always automatically start when the secondary machine restarts.
-
If you change the host name on the primary machine, you need to disconnect all secondary machines, then reconnect the secondary machines using the new host name.
-
To change the host name of a secondary machine: first remove it from the primary machine, then change the host name, then reconnect it to the primary machine.
-
If a secondary machine is connected to the primary machine using an IP address, then redirects to the primary machine will use an IP address. If a secondary machine is connected to the primary machine using a fully qualified host name, then redirects to the primary machine will use a fully qualified host name.
-
If a FileMaker WebDirect solution uses the Print, Print Setup and Save Records as PDF script steps, all required fonts must be installed on the primary machine and on the secondary machines.