Issue report by David Rowland
Product
FileMaker ServerVersion
13.0.4.400Operating system version
OS X 10.9.4Description of the issue
After enabling Require Secure Connection using a signed certificate the server no longer presents hosted databases to clients (even on the same local machine as the server).Steps to reproduce the problem
1. Generate CSR, install signed certificate using fmsadmin.2. Reboot and verify web is using proper signed certificate
3. Enable Require Secure Connections
4. Restart Database Server
5. Hosted databases are no longer listed (server still is).
Expected result
Client should be able to see hosted databases.Actual result
Clients see no hosted databases while Require Secure Connection is enabled.Exact text of any error message(s) that appear
N/AConfiguration information
When FMS starts it appears to be copying/re-encrypting keys from CStore to HTTPServer/conf and overwriting anything in that directory. The certificate is ripped out of serverCustom.pem and placed into server.pem. We don't understand where the server.key in HTTPServer/conf is being generated from; it does not match either of the keys in CStore.We attempted to modify the httpd.conf to point at a differently named cert (to avoid FMS overwriting it) but that causes Web Server to not launch. Equally we attempted to lock the certs in HTTPServer/conf to avoid being overwritten but with identical results.
We've built FMS clean on a test server to replicate this behaviour we saw on our production and dev servers. We've also re-issued the certs with no change in symptoms.
Workaround
1. Generate and install the signed certificate.2. Verify web is using the signed certificate.
3. Turn off the Database Server.
4. Delete from the CStore: serverCustom.pem, serverKey.pem, serverRequest.pem
5. Enable "Require Secure Connections"
6. Turn on the Database Server
Web will now be using the correct signed certificate and FM Clients can see hosted databases.
HOWEVER YOU CAN'T REBOOT
Upon reboot FMS is going to overwrite the signed keys (in HTTPServer/conf) with the original self signed keys.
See: http://forums.filemaker.com/posts/98f940fcdf