What’s this post all about?
Fessing up to reality
Why self-host FileMaker files in 2018?
Payment & license models
FileMaker Server host machine considerations
FileMaker Server installation
Pedantic Java
Networking shenanigans
Port forwarding
A fixed external Internet address
Free SSL certification?
- Install Homebrew
- Install Certbot
- Download the GetSSL.sh file
- Edit the GetSSL.sh file
- Run the Bash script
- Change the FileMaker Server SSL Connections settings
- Set up a schedule to renew the SSL certificate
Deciding on and securing an FQDN
Generating a certificate signing request (CSR)
Tested SSL certification authorities (CAs)
- GeoTrust: True BusinessID
- Comodo: Comodo Elite SSL Certificate, EV SSL
- Symantec: Secure Site SSL Certificate
- Thawte: SSL123 Certificate (under SHA-1 Root)
- GoDaddy: Standard SSL
Setting up a GoDaddy Certificate
Importing your SSL certificate into FileMaker Server
Uploading your FileMaker Server SSL certificate to your web host
If your SSL key is encrypted, you’ll first need to decrypt it before using it to secure your app with HTTPS.
Certificate redirection
fm.roundededgestudio.com.
www.fm.roundededgestudio.com.
webdisk.fm.roundededgestudio.com.
cpcontacts.fm.roundededgestudio.com.
webmail.fm.roundededgestudio.com.
cpanel.fm.roundededgestudio.com.
whm.fm.roundededgestudio.com.
cpcalendars.fm.roundededgestudio.com.
Testing
Summary: landmarks on a FileMaker Server journey
- Buy a dedicated host machine. We use a Mac Mini.
- Buy your FileMaker Pro and Server licences.
- Install the FileMaker software.
- Don’t update Java. No, definitely don’t do that.
- Use your router’s firewall rather than OSX Server’s. Check the setup carefully.
- Fix your FMS host’s internal (LAN) IP address outside the scope of your DHCP distribution.
- Open ports 80, 443, 5003 and 16002 in your router and port-forward them to the FMS host’s internal IP address.
- Open port 2399 for ODBC/JDBC solutions and 16000 if you want to use Admin Console externally.
- Secure a fixed external (WAN) Internet address. We bought a static IP address from our ISP.
- Decide on and secure an FQDN with your web host – probably a subdomain.
- Generate a CSR in FMS.
- Choose a FileMaker-approved CA like GoDaddy and buy an SSL certificate.
- Set up the certificate and verify subdomain ownership through your web host.
- Download the certificate files from your CA.
- Import your SSL certificate into FMS.
- Decrypt your private key, which requires OpenSSL, which requires HomeBrew, which requires Xcode Command Line Tools.
- Upload your SSL certificate to your web host and attach it to your subdomain.
- Change the TTL options for the DNS Zone records you need to update to 60.
- Redirect your subdomain to FMS by changing DNS Zone records.
- Test everything.
Related content
Where next?
Exhibition supplier partnership
A strong and trusting partnership with your exhibition supplier can make a huge difference to your exhibiting experience and your ROI too.
Successful outing for aluminium profile system
NIHR become one of the first clients to commission an exhibition stand built using our aluminium profile system, so new it doesn’t yet have a name. As it enters full production, we’re buzzing about the possibilities.
Standing out at the UCAS fairs
UCAS fairs allow unis to convey a positive first impression, a sort of varsity speed-dating. We help Anglia Ruskin and Bristol catch the eye.
Time lapse: new graphics
Here’s a time lapse video, revealing the construction of a new look for our graphic panels. We also offer an insight into some of the design influences for the artwork.
Yes when you speak to their sales people about setting up servers it’s presented as all very straightforward. The reality is far from it!
I agree. The pain (and cost) would be lessened somewhat if they devised a way of including a permanent certificate for the server, although I understand why this has to be linked to your own domain. But for software that’s been around this long, the whole thing should be a lot easier by now.