Requesting an SSL certificate

FileMaker Server uses SSL technology to encrypt HTTPS connections between the web server and users’ web browsers for Admin Console, FileMaker WebDirect, FileMaker Data API, and Custom Web Publishing. The Database Server can also use SSL encryption for connections with FileMaker Pro clients, FileMaker Go clients, and the Web Publishing Engine.

SSL uses digital certificates to certify the ownership of the public key used to encrypt data. FileMaker Server provides a standard SSL certificate signed by Claris International Inc., that does not verify the server name. This certificate is used by all FileMaker Server components that use SSL. However, because this certificate doesn’t verify the server name, most web browsers will warn users of a problem with the website’s security certificate. For some web browsers, certificate issues can affect performance and functionality as well. The FileMaker default certificate is intended only for test purposes.

A custom SSL certificate is required for production use. If your server does not have a custom SSL certificate, Admin Console will display security warnings.

When you import a custom SSL certificate, FileMaker Server enables all Database Server client connections to use SSL, and web clients are restricted to HTTPS connections.

For information about using secure connections, see FileMaker Server Help.

You can request a custom SSL certificate that matches your specific server name or domain name from a trusted certificate authority (CA) supported by Claris International Inc. Use the CLI certificate command to create a certificate signing request (serverRequest.pem), which you send to a CA, and a private key (serverKey.pem), which you keep secret. See Using the CLI certificate command. When you receive your signed certificate from the CA, open Admin Console and click the Configuration > SSL Certificate tab to import the certificate.

The custom SSL certificate file is placed in the CStore folder:

  • Windows: [drive]:\Program Files\FileMaker\FileMaker Server\CStore\serverCustom.pem

  • macOS: /Library/FileMaker Server/CStore/serverCustom.pem

  • Linux: /opt/FileMaker/FileMaker Server/CStore/serverCustom.pem

After updating the custom SSL certificate, restart the Database Server.

When the Database Server starts, if it is unable to find a custom SSL certificate, it will use the default server.pem file.

See FileMaker Server Help for information about securing your data.

Notes 

  • FileMaker Server supports using a single-domain certificate, a wildcard certificate, or a subject alternative name (SAN) certificate.

    The CLI certificate command can create a request for a single-domain certificate or a wildcard certificate. To use a SAN certificate, contact a CA to create the certificate signing request.

  • Use FileMaker methods to import the custom SSL certificate: either the Admin Console import certificate feature or the CLI certificate command. Do not use IIS certificate tools or OpenSSL certificate tools to import a custom SSL certificate for the FileMaker Server web server component because the Database Server and the web server component must use the same certificate.

  • The custom SSL certificate must use base-64 encoding.

  • FileMaker Server does not support validation using a certificate revocation list (CRL validation).

  • If you are using a multiple-machine deployment, request custom SSL certificates for the primary machine and the secondary machines. Import a custom SSL certificate on each machine.

  • To remove an imported certificate, use the CLI command fmsadmin certificate delete, and restart FileMaker Server to apply the change. See CLI Help.

  • For information about supported certificates, see the Knowledge Base.