Configuring security for FileMaker Cloud
Posted by Support Team Lead - FL, Last modified by Support Team Lead - FL on March 30 2017 19:58
  • FileMaker Cloud
  •    1.15.x

FileMaker Cloud comes with a trial SSL certificate and "fmi.filemaker-cloud.com" domain that is good for the 1st 90 days. To continue using FileMaker Cloud beyond the trial period, you must purchase a different custom domain name and SSL certificate.

Purchase a new domain or sub-domain

Your domain name is the public-facing address that you would like to use to access FileMaker Cloud.  Domain names can be purchased from a DNS registrar who keeps the domain in sync with your server's IP address or with another domain. Please keep the following points in mind when purchasing a domain name:

  • Keep the domain unassigned to a specific address at first. After importing an SSL certificate, you will recieve email instructions to update the address to point to your FileMaker Cloud instance's "root" DNS (see the section below, "Update your CNAME record").
  • You will recieve a new email account through the DNS registrar that you can use to validate that you are the owner of the domain (See the section below, "Purchase a new SSL certificate").
  • If you already own a domain, you may instead purchase a subdomain (subdomain.currentdomain.com) for FileMaker Cloud instead of getting an entirely new domain. 

After you have purchased a domain name, follow the instructions below to purchase an SSL certificate for the new domain.

Purchase a new SSL certificate

Only the Comodo certificate provided in this process is supported in FileMaker Cloud. If you choose to use a different SSL certificate, be sure to test it before going into production.

  1. Use a certificate tool such as OpenSSL to create a certificate signing request (CSR) for your domain name, along with a corresponding private key file. By default, these files are created in your home folder as "myserver.key" (private key) and "server.csr" (CSR). Specify your domain name, email address and company name during CSR creation. 
  2. In the Cloud Console (https://<yourdomain>/console#/login), go to Configuration > SSL Certificates, and click "Purchase Comodo Certificate" to begin Comodo's SSL purchase process.
    Note: If the trial SSL certificate has expired, you cannot access the Cloud Console in Safari using the hostname. As a workaround, use a differnet browser or use the instance's IP address until the SSL certificate is renewed.
  3. Following Comodo's on-screen prompts, provide information including:
    • The contents of the CSR created in step #1. Open the CSR in a text editor and copy the entire contents into the space provided on Comodo's page.
    • Select "Other" as the server software used to generate the CSR.
    • Select the number of years the certificate will be valid for (1, 2, or 3).
    • Select your DNS email address for domain validation to verify that you are the owner of the domain specified in the CSR.
  4. An email will be sent to your new DNS email account. Login through the DNS registrar's website to manage this account and acknowledge the domain validation email from Comodo. 

Import the certificate

After purchasing the certificate, you will recieve an email containing your server certificate and additional intermediate certificates. If you purchased the recommended Comodo certificate, only the server certificate (YourDomainName.crt) needs to be imported into FileMaker Cloud. For all other types, the server certificate and intermediate certificates may need to be concatenated into a single bundled file before they can be imported. All certificates must be in Base64 encoded PEM format, which contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Common extensions for this format are .pem, .crt or .cer.

  1. Login to the Cloud Console (https://<yourdomain>/console#/login).
  2. Go to Configuration > SSL Certificates.
  3. Click "Import Certificate"
  4. Select the server certificate (YourDomainName.crt) and private key file ("myserver.key" created along with the CSR). Leave the private key password blank unless your private key file was encrypted with a password.

NOTE: Certificates requested in FileMaker Server 14 or earlier using "fmsadmin certificate create" cannot be imported into FileMaker Cloud. Use OpenSSL to create a new CSR.

Update your CNAME record

After you import your SSL certificate, you will recieve an automated email from FileMaker with instructions to update your domain name's CNAME record with a string beginning with random characters and ending in .fmi.filemaker-cloud.com (for example, "fc-224-170-33-1475102152.fmi.fiemaker-cloud.com"). This is your FileMaker Cloud instance's "root" DNS that will remain the same even if your IP address changes. Login to your DNS registrar's site to update the CNAME record so that your custom domain name redirects to this root DNS. For specific instructions, please contact your DNS registrar.

(0 vote(s))
Helpful
Not helpful

Comments (0)