FileMaker Server 13: Installing An Updated SSL Certificate
In March of 2014, I posted information regarding how I had installed an SSL certificate for one of my FileMaker Servers running on an Amazon EC2 instance. (The original post is here.) I had ordered the certificate through MediaTemple.
This post is a follow-up, describing the steps involved in installing an updated certificate. While these steps are very similar to those that were involved in installing the original certificate, I thought I'd share some of the extra steps that I had to take to get everything working properly.
The request for the updated certificate was automatically generated for me by MediaTemple. Media Temple provides QuickSSL certificates that are actually issued by GeoTrust.
Once the order was complete, I logged into Media Temple and downloaded the updated certificate. Conveniently, Media Temple provides everything that's needed in a single zip file.
Before installing the updated certificate, I made a backup of everything in: C:\Program Files\FileMaker\FileMaker Server\CStore\
I then copied the certificate request file ( "subdomain.domain.csr" ) to: C:\Program Files\FileMaker\FileMaker Server\CStore\. I renamed the certificate request file ( "subdomain.domain.csr" ) to: serverRequest.pem
I also copied the encrypted private key file ( "subdomain.domain.key" ) to: C:\Program Files\FileMaker\FileMaker Server\CStore\, and renamed the encrypted private key file ( "subdomain.domain.key" ) to: serverKey.pem
And finally, I copied the certificate file ( "subdomain.domain.crt" ) to: C:\Program Files\FileMaker\FileMaker Server\CStore\
At that point, everything is in place to import the new certificate. To do the import, I simply opened a DOS ("PowerShell") window, and ran this command: fmsadmin certificate import "C:\Program Files\FileMaker\FileMaker Server\CStore\subdomain.domain.crt"
Here's where things differed from installing the original certificate. While FMS seemed to immediately start responding to requests from FileMaker Pro and Go clients, requests made via the API for PHP failed. To resolve this, I first tried restarting the Web Publishing Engine. But that alone didn't help.
Similarly, restarting IIS did nothing. So, as a final resort, I ended up having to restart the server itself...
And that did the trick. Everything, including requests made from CWP solutions via the FileMaker API for PHP, came back to life. Disaster averted!
This was the first unscheduled downtime that my hosting company (Open Remote) has had since making the move to Amazon EC2-based servers more than 15 months ago. And the total downtime? Less than 5 minutes!
SSL certificates can be troublesome. Hopefully, this information will come in handy for others.