Configure security for FileMaker Server 14 and earlier

If security is important to your operations, all computers running FileMaker Server should have a custom SSL certificate. The standard installed FileMaker SSL standard certificate is only available for testing purposes. Follow the instructions in this article to get a new certificate or replace an expired one.

Purchase a fully qualified domain name (FQDN)

Your fully qualified domain name (FQDN) is the public address that you want to use to access FileMaker Server. To get a fully qualified domain name, you need to register your unique domain name with a DNS registrar that will synchronize the domain with your server's IP address. Please note the following points:

• If you already own a domain, you can instead purchase a subdomain (e.g. subdomain.currentdomain.com) instead of purchasing a completely new domain.
• For multi-computer deployments, each computer should have its own domain or subdomain. For example server1.domain.com and server2.domain.com.
• When you buy a new domain, you may receive a new email account through the DNS registrar to confirm that you own the domain.

Create a CSR for the domain name

A Create a Certificate Signing Request (CSR) file is a hash file that contains information about your domain, including the domain name, company, etc. When you purchase an SSL certificate, the CSR tells the certification authority which domain the certificate is for to be issued.

How to create a CSR :

• macOS: Open the terminal and run the following command:
  fmsadmin certificate create
• Windows: Open Command Prompt (cmd) as an administrator and run the following commands:
  cd "C: \\ Program Files \\ FileMaker \\ FileMaker Server \\ Database Server"
  fmsadmin certificate create

This creates the following files in / FileMaker Server / CStore /:

• serverRequest.pem: CSR required for the SSL purchase process.
• serverKey.pem: Private key file that is required for the certificate import.

Multi-computer deployments : Go to each computer in the deployment and run the commands to create a CSR for each computer.

Import the certificate into FileMaker Server

After purchasing, you will receive an email from the certification body with your server certificate (matching your domain name) and additional intermediate certificates. Only the server certificate has to be imported. The certificate should be in Base64 PEM format. Common extensions are .pem, .crt or .cer.

To import the certificate:

1. Führen Sie den Importbefehl über die Eingabeaufforderung aus:
   • macOS: Öffnen Sie das Terminal und führen Sie den Befehl
     fmsadmin certificate import <Pfad zum Zertifikat> aus
   • Windows: Öffnen Sie die Eingabeaufforderung (cmd) als Administrator und führen Sie die folgenden Befehle aus:
     cd „C: \\ Programme \\ FileMaker \\ FileMaker Server \\ Datenbankserver“
     fmsadmin certificate import <Pfad zum Zertifikat>
2. Go to the Admin console (https: // : 16000 / admin-console)> Database server> Security
3. Aktivieren Sie «SSL für Datenbankverbindungen verwenden».
4. Click Save at the bottom of the Admin Console window.
5. Restart FileMaker Server

Multi-computer deployments: Run these commands on each computer in the deployment to import each matching certificate, then restart FileMaker Server on all computers.

Test the SSL certificate

After importing the certificate, a file named serverCustom.pem should be created in / FileMaker Server / CStore. This is your server's custom SSL certificate.

• Database server test: Use FileMaker Pro to connect to a hosted file and check the Security lock symbols in the lower left corner of the window.
• Web server test: Connect to the FQDN of your web server using https (https: // ) in a browser and check the security lock symbol in the address bar.