I would like to set up OttoFMS for a client who uses only 2 in-house servers (Dev & Production) They currently use the IP addresses of the servers to connect with FMP/FMGo
They currently just have the SSL certs that ship with FM Server.
For OttoFMS we would need to install SSL Certificates. Can this be made work for this kind of in-house LAN only set-up? I will not be able to persuade the client to connect their in-house Servers to the Internet.
Any help, links on how to set this up, would be much appreciated 
Hi Ben,
So sorry, but at this time there is no way to get OttoFMS to work with Self Signed certs, or IP addresses. You must have a valid SSL from a public Cert Authority.
I am not sure if you can make that work on an isolated network, or not. They could setup local DNS inside their network to use fully qualified domains. And if they have certs for those domains that might work. I don’t know if the servers need to be able to talk to the internet to verify the certs or not.
I’ll ask our infra structure team.
Stay tuned
Thanks
Todd
Thanks Todd for the reply.
I get why OttoFMS will want SSL certs (& now we can use Lets Encrypt yay!) On the other hand there are plenty of clients still with good reason to use in-house servers, on a LAN only, so it would be interesting to see if I can get OttoFMS working in this kind of set-up.
Building on what @benmiller mentioned, I also have a client who operates in a local environment and cannot use a regular SSL. Additionally, they are behind a strict firewall, which complicates matters further.
Both the IT department and I attempted to install an SSL certificate to get Otto working, but the installation caused container loading issues on specific machines. We tried various troubleshooting methods but couldn’t resolve the problem.
Therefore, it would be beneficial if you could make it work with localhost or an internal IP, which I know is working with the FileMaker Data API.
1 Like
I know that this is an older topic, but as a new prospective user of OttoFMS, I have a similar issue/question.
I have several existing FM servers that are behind firewalls. Most of them are in the same domain and they use a wildcard SSL cert and FQDN entries from GoDaddy. One of them though has a standard SSL cert and FQDN from GoDaddy that is in a similar, but separate domain. They are all accessible through the firewall via WebDirect.
- Can OttoFMS can handle this situation of different domain names? I am looking for OttoFMS to be able to talk to all the servers and handle deployments.
We are about to introduce a new FM Server to the mix that we want to use for Development work. The plan was to have it use our wildcard SSL cert and add a FQDN entry to it in GoDaddy. One of our managers doesn’t want to setup a FQDN entry for this server because they don’t see the need to expose it to the outside world. They don’t have a problem with installing the wildcard SSL cert on it though.
- I am pretty sure that this scenario will prevent us from installing and using OttoFMS on it? I believe that we will need a FQDN entry for the new FM server?
The FM Servers are only accessible from the outside via WebDirect - therefore via port 443. Our firewall does NOT pass traffic on port 5003, etc., from the outside. We do our remote development work by connecting via a VPN to the remote network. The VPN does allow 5003, and so on. So we can then open the dB files via the regular “Hosts” methodology in FMP client. We do use the internal IP address of the target FM Server for this though as we don’t run an internal DNS server.
Hello,
OttoFMS and OttoDeploy use 443. So if your servers can connect to each other over port 443 on their own FQDNs then it should work fine. You don’t need port 5003 open.
Does that help?
Thanks
Todd
Thanks for the feedback. I just need to convince my supervisor to setup a DNS entry in GoDaddy for the new Dev FM server and we should be good then.