Hi,
We have an installation of Otto on an OnPremise Server with a internally signed certificate (they are themselves a CA internally).
Domain is like “server01.mydomain.local”
FileMaker Server imports the Cert properly (it was created using a CSR from FileMaker Server) and FileMaker Clients show the green Lock.
FileMaker Server Admin Console cannot resolve in Edge because Edge verifies with its own Certificate cache so says invalid.
Otto shows unknown version.
CURL throws no certificate error
POSTMAN can connect to the AdminAPI without error.
How can I solve this? Where must I import the Cert for Otto to not say unknown version?
Many thanks
Tobias
Hello,
OttoFMS currently requires an SSL cert from public cert authority. Self signed or local CAs are not supported at this time. They may be in the future.
Sorry
Todd
Hi Todd,
thanks for chiming in. That is really critical to us. Can you tell me what the technical problem is? Since CURL does work, FileMaker AdminAPI/DataAPI do work, FileMaker does work. I’m just trying to understand what makes this fail in that instance. Is it a design decision or an implementation issue? Or some framework that you use?
many thanks
Tobias
Hello,
It is all of the above.
In Otto v3 the biggest tech support issues we had was certs, ports, and networking. We chose to go through the FileMaker Server so we could avoid all of that. The trade-off if was that we needed to use certs with public CAs.
We hear you and every one else who is asking to loosen up those restrictions. We are investigating how we might be able to to do that. If it was easy, we would have done it already. It isn’t easy. HTTP requests are at the foundation of everything that OttoFMS OttoDeploy, and the Ottomatic Cloud console does. We have to do it for all three of those applications if we can, and we MUST do it securely.
I am sorry this is such an issue for you. If we can address it we will.
Todd
Thanks a lot. I do get that you need consistency especially since you offer part of your service essentially for free. So I’m deeply grateful. I was just asking because I suspected you do everything using FileMaker Server and I was wondering why at what part of the equation that failed since I can connect to the Admin API without a problem using https in Postman - and I had that same issues with FileMaker failing on Insert From URL on the DAPI on another server where Postman had no problem.
Again, many thanks!
Thanks for the reply Tobias
We are looking at trying to work out the Private Cert Authority issue. Some of it may be nothing more than making sure the various pieces have access to the root CERT. But we don’t have it worked out yet.
Stay tuned.
Todd
1 Like
Hi Todd,
any update on this? We still have a few customers OnPremise that use a Self Signed Cert.
As stated previously the cert is valid using
- FileMaker App Connections (green lock)
- DataAPI
- AdminAPI
- Admin Console
it just doesn’t work in Otto (OttoFMS not installed)
Many thanks
Tobias
Hello,
Sorry there is no update on this.
Todd
Any way we can help you on this? Is the code or the respective code fragments available to look into so we can try a fix ourselves?
Many thanks
Tobias
Hello
I really appreciate you offering to help but sorry it’s not just one piece of code. It’s the entire system. We have some ideas and a sketch of what to do, but so far it is has not reached the top of our priorities.
Sorry
Todd