Configuring security for FileMaker Server 15 and higher
If security is important to your operations, all machines running FileMaker Server should have a custom SSL certificate. The standard FileMaker SSL certificate installed by default is available for test purposes only. Follow the process in this article to obtain a new certificate or replace an expired certificate.
Your Fully Qualified Domain Name (FQDN) is the public-facing address that you would like to use to access FileMaker Server. To obtain a FQDN, you must register your unique domain name with a DNS registrar who keeps the domain in sync with your server's IP address. Please keep the following points in mind:
A create a certificate signing request (CSR) is a hash file containing information about your domain, including the domain name, company, etc. When purchasing a SSL certificate, the CSR tells the Certificate Authority what domain to issue the certificate for.
To create a CSR:
Select a SSL certificate to purchase from a Certificate Authority (CA). The following certificates were tested by FileMaker Inc. If you use a certificate not on this list, be sure to test the certificate before using it in production.
Multi-machine deployments: purchase a wildcard certificate that can be imported on all machines.
After the purchase, you will recieve an email from the CA containing your server certificate (matching your domain name) and required intermediate certificates. All certificates should be in Base64 PEM format. Common extensions are .pem, .crt, or .cer.
To import the certificate:
NOTE: Certificates requested in FileMaker Server 14 or earlier using "fmsadmin certificate create" cannot be imported into FileMaker Server 15 and higher. Use the process in this article to create a new CSR.
After importing the certificate, a file named serverCustom.pem should be created in /FileMaker Server/CStore. This is your server's custom SSL certificate.