Filemaker Server mit Letsencrypt
original: http://bluefeathergroup.com/blog/lets-encrypt-ssl-certificates-for-filemaker-server-for-mac/
Homebrew installieren
# /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
certbot installieren
# brew install certbot
/usr/local/bin/GetSSL.sh
#!/bin/sh
DOMAIN="fms.mycompany.com"
EMAIL="myemail@mycompoany.com"
SERVER_PATH="/Library/FileMaker Server/"
#WEB_ROOT=$SERVER_PATH"HTTPServer/htdocs"
# Get the certificate
#certbot certonly --webroot -w "$WEB_ROOT" -d $DOMAIN --agree-tos -m $EMAIL --preferred-challenges "http" -n
certbot certonly --standalone -d $DOMAIN --agree-tos -m $EMAIL --preferred-challenges "http" -n
cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem /Library/FileMaker\ Server/CStore/fullchain.pem
cp /etc/letsencrypt/live/$DOMAIN/privkey.pem /Library/FileMaker\ Server/CStore/privkey.pem
# Move an old certificate, if there is one, to prevent an error
mv "$SERVER_PATH/CStore/serverKey.pem" "$SERVER_PATH/CStore/serverKey-old.pem"
# Install the certificate
fmsadmin certificate import /Library/FileMaker\ Server/CStore/fullchain.pem --keyfile /Library/FileMaker\ Server/CStore/privkey.pem
# Wait for it to stop
sleep 60s
# Stop FileMaker Server
launchctl stop com.filemaker.fms
# Wait for it to start
sleep 60s
# Start FileMaker Server again
launchctl start com.filemaker.fms
Im Terminal erstes Cert holen
# sudo /usr/local/bin/GetSSL.sh
/Library/LaunchDaemons/com.filemaker.fms-ssl.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin</string>
</dict>
<key>Label</key>
<string>com.filemaker.fms-ssl</string>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>/usr/local/bin/GetSSL.sh</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>6</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>6</integer>
</dict>
</array>
</dict>
</plist>
rechte anpassen
# chown root:wheel /Library/LaunchDaemons/com.filemaker.fm-ssl.plist
laden
# sudo launchctl load /Library/LaunchDaemons/com.filemaker.fm-ssl.plist
prüfen ob es geladen wurde
$ sudo launchctl list | grep com.filemaker
- 0 com.filemaker.httpd.graceful
- 0 com.filemaker.fms-ssl
- 0 com.filemaker.httpd.stop
1233 0 com.filemaker.fms
- 0 com.filemaker.httpd.start
- 0 com.filemaker.httpd.restart