FileMaker Server 17 - Letsencrypt
Secure FileMaker Server on the Mac with a certificate from Let's Encrypt and have that certificate renewed automatically. Last tested with FileMaker Server 17 on a Mac mini (late 2012).
original: https://bluefeathergroup.com/blog/lets-encrypt-ssl-certificates-for-filemaker-server-for-mac/
Install Homebrew
# /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Install certbot
# brew install certbot
Start script
/usr/local/bin/GetSSL.sh
#!/bin/sh
DOMAIN="fms.mycompany.com"
EMAIL="myemail@mycompany.com"
SERVER_PATH="/Library/FileMaker Server"
#WEB_ROOT="$SERVER_PATH/HTTPServer/htdocs"
# Get the certificate; stop here if certbot fails so the server is not touched
#certbot certonly --webroot -w "$WEB_ROOT" -d "$DOMAIN" --agree-tos -m "$EMAIL" --preferred-challenges "http" -n
certbot certonly --standalone -d "$DOMAIN" --agree-tos -m "$EMAIL" --preferred-challenges "http" -n || exit 1
# Copy the certificate chain and private key into FileMaker Server's CStore
cp "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" "$SERVER_PATH/CStore/fullchain.pem"
cp "/etc/letsencrypt/live/$DOMAIN/privkey.pem" "$SERVER_PATH/CStore/privkey.pem"
# Move an old certificate, if there is one, to prevent an error
[ -f "$SERVER_PATH/CStore/serverKey.pem" ] && mv "$SERVER_PATH/CStore/serverKey.pem" "$SERVER_PATH/CStore/serverKey-old.pem"
# Install the certificate
fmsadmin certificate import "$SERVER_PATH/CStore/fullchain.pem" --keyfile "$SERVER_PATH/CStore/privkey.pem"
# Give the import time to finish
sleep 60
# Stop FileMaker Server
launchctl stop com.filemaker.fms
# Wait for it to stop
sleep 60
# Start FileMaker Server again
launchctl start com.filemaker.fms
Get the first certificate in the Terminal
# sudo /usr/local/bin/GetSSL.sh
/Library/LaunchDaemons/com.filemaker.fms-ssl.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin</string>
</dict>
<key>Label</key>
<string>com.filemaker.fms-ssl</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>/usr/local/bin/GetSSL.sh</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>6</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>6</integer>
</dict>
</array>
</dict>
</plist>
Adjust permissions
# chown root:wheel /Library/LaunchDaemons/com.filemaker.fms-ssl.plist
Load it
# sudo launchctl load /Library/LaunchDaemons/com.filemaker.fms-ssl.plist
Check that it was loaded
$ sudo launchctl list | grep com.filemaker
- 0 com.filemaker.httpd.graceful
- 0 com.filemaker.fms-ssl
- 0 com.filemaker.httpd.stop
1233 0 com.filemaker.fms
- 0 com.filemaker.httpd.start
- 0 com.filemaker.httpd.restart
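Run non-interactively, certbot keeps a certificate that is not yet due for renewal, so the weekly job above re-imports the same files and restarts FileMaker Server every Saturday whether or not anything changed. The following is an added example, not part of the original script: it stages the files in CStore only after a real renewal and reports whether an import and restart are needed. The function names cert_state and stage_cert are assumptions made for this example.

```shell
#!/bin/sh
# Added example: skip import and restart when certbot kept the old certificate.
# Function names are hypothetical; paths are passed in by the caller.

# cert_state LIVE_CERT STAGED_CERT -> prints missing | unchanged | changed
cert_state() {
    # certbot failed or has never run: there is nothing to install
    if [ ! -s "$1" ]; then echo missing; return 0; fi
    # first run: no staged copy in CStore yet
    if [ ! -f "$2" ]; then echo changed; return 0; fi
    if cmp -s "$1" "$2"; then echo unchanged; else echo changed; fi
}

# stage_cert LIVE_DIR CSTORE_DIR
# Returns 0 when new files were staged (import and restart needed),
# 1 when nothing changed, 2 when no usable certificate/key pair exists.
stage_cert() {
    live_dir=$1
    cstore=$2
    state=$(cert_state "$live_dir/fullchain.pem" "$cstore/fullchain.pem")
    case $state in
        missing)   return 2 ;;
        unchanged) return 1 ;;
    esac
    # Refuse to stage a chain without its key
    [ -s "$live_dir/privkey.pem" ] || return 2
    # Copy the key first: if this fails, the staged chain stays old and the
    # next run still sees "changed" and retries.
    cp "$live_dir/privkey.pem" "$cstore/privkey.pem" || return 2
    cp "$live_dir/fullchain.pem" "$cstore/fullchain.pem" || return 2
    return 0
}
```

In GetSSL.sh, `stage_cert "/etc/letsencrypt/live/$DOMAIN" "$SERVER_PATH/CStore"` would take the place of the two cp lines, with the fmsadmin import and the stop/start sequence run only when it returns 0.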