Hello everyone rich carlton here welcome to another awesome day i'm going to move jacob's little label off my forehead which is awesome we are adjusting our trajectory here we're back in the santa clara office here in sunny santa clara california and welcome to another awesome day of filemaker training i'm richard carlton creator of fmtraining.tv where we're teaching everyone how to build great filemaker custom applications today's broadcast is about ssl certificates um this is kind of a retread a little bit of of a video that's going to be coming to the pro course shortly uh jacob did a complete end-to-end re-record of how to build an amazon aws server and as part of that he did the ssl certificate but we're going to do this live for you today elso's question which is not here anymore i'm going to go and get rid of this i'm going to bring jacob up here but the question is is now we did cover this in the video now so i'm not
going to hold it over elso's head that he should know that we covered this in our filemaker deployment video but we cover like what should i use filemaker server or filemaker cloud and anymore when we say cloud pretty much especially if you're talking about buying it we're talking about cloud two and so let's just pretend that elsa doesn't have my training and so he wouldn't know this right but if he had my training and watch the video then then he would know this stuff so what jacob taylor if you were going to advise someone they have i have less than five users say three or four users they were on filemaker 15 or 16. now they're moving to 19 and they're using some they've been watching the video some other videos lean design they're doing this they're doing that they're doing some great stuff and they want to but you really can't use shared hosting anymore which is where i have people coming to me
going richard we hosted our database for 20 people and it only cost us like 25 a month to host it for 20 people right i mean they bought pro for everyone then they would do the shared hosting thing that that is a subsidized service that is below what we would consider fair market value of that service it's what happens we did a little bit of that years ago but we stopped it because it was you just start looking at it objectively and you realize hey it's very hard to do it legally in a profitable way and of course claris stopped all the shared hosting so so you're gonna have to go to a server that you own so that's a standard thing right so so let's establish one you're not gonna steal the software and you're gonna be legal so we're one we're assuming we're legal then rule two is that you're going to have your own server now whether the server is in your
office or in your basement or it's up in the cloud you have to have your own server and so you're going to have to pay for that the cheapest if you can get like a used if you're a mac person or windows person could probably get a decent computer all set up for say with solid state drives everything for like 500 bucks but then you have to maintain it and then you have to maintain the electricity and the internet the backups and stuff so maybe it's better to put on amazon so we will let you decide where you want to put the server the server needs to be as close to the people as possible okay and so the question that normally comes down is is what do you want your your filemaker application to do so let's ask the question so if it does pro go or web direct you can do cloud 2 or filemaker server okay if you want to do public facing websites which normally you
would do with php or the data api stuff like that that is not supported despite everyone else saying this but if you ask jesse barnum who i trust and a bunch of other people cloud two doesn't support that they try to pretend they do but they don't really it doesn't really work um and so if you want public-facing web connectivity you must use filemaker server you can't use cloud 2. uh what other deciding considerations are there jacob that you would think about um there is uh i said it cuts a couple different directions two that i can think of that are really good you you kind of touched on one of them previously which was right if you have a server in your office for example uh someone's got to maintain that and so kind of if you you don't have strong feelings between filemaker cloud and a filemaker server or there's not something we've already said that you know precludes cloud or says oh yeah
we should be using that then think about can you support it so if we set you up with a filemaker server on amazon or a filemaker server in your office or perhaps you're a bigger company and you have your own data center or a rented space or something like that is is there either someone in the organization or perhaps a department if you're of that size able to maintain the filemaker server tend to the backups that sort of thing restore it when it goes down whatever does that capacity exist if nothing else excludes it and you don't have that capacity i might recommend cloud for you um because it you don't have to pay attention to any of that um the other consider because sorry to be clear claris kind of does all of that for you um the other consideration that i would point out um it mostly doesn't matter but you can get yourself into a corner with it uh is that the
the plug-ins if you're going to be using them on the server side for example 360 works email or something like that that's actually a bad example but it's one i know all of you have heard of uh they they the plugins themselves the code has to be made for filemaker server versus filemaker cloud they have to build the code differently for filemaker cloud so there's a chance depending on the plugin that it may not be supported on cloud actually so let me ask a question so so let's go talk about when we talk about cloud we're talking about the service that claris has where they put the basically there's supposed to put the service and the hardware together there's this older service called cloud one it's been deprecated a lot of people still have it they're gonna have to move to cloud two so let's talk about cloud one did have support for these linux based uh compiled plug-ins cloud two do they have plug-in support i don't
think they do cloud two i yeah i don't wanna commit to an answer i would assume that it that support would carry over um but you have to have command line access to install it and you don't get command line access to a cloud 2 server do we you don't you can't really um no no you yeah you don't get uh you do not get command line access to it but um you do not necessarily need command line access um because you you can install plugins from within filemaker to the server itself okay well i i i would consider it sufficiently sketchy that you need to be careful so a lot of people run plug-ins and they run them on pro and they don't really run them on server too often the reason you really really run on server is because go doesn't run a plug-in and web direct doesn't run a plug-in so you have to kind of put it on the server and jury rig it
so if you have a go client or a web direct client and they need to run a plug-in like an email plug-in or something then you really need a i i we should know this jacob so we get like an unhappy face a negative happy face we should know this we need to check that but i'm pretty sure there's some issues with that another issue is sassy server side script server assisted script execution so that is a scheduled or server script a server scheduled sassy yeah server-assisted script execution but it's it's the one where it's on it's like on the backup schedule you set it for every hour or once a day or whatever it runs a filemaker script for you uh psos works on both you don't worry about that one that's like a have to have it that's where your filemaker client calls it and the server does the script that support on both cloud 2 and filemaker server but scheduling it like
have it run every day at 1 o'clock at night that you can't schedule that with cloud 2. so so if you have a script so if you want the server to run a script your client has to trigger it which means if you want to run it one in the morning or something one of your clients has to make that request whether it's on a clock or a calendar or you have to make sure someone's logged on they press the button it's kind of goofy so if you're dependent upon schedules like nick hunter loves that stuff um cloud 2 is out so once again so the question i think a big one is who's going to support it also are you going to support it who's going to support the server if you don't have any part of this is like two crossing items right uh basically if you say um it's like there's like um like one of my engineers used to say you can have
high quality if in a when you're uh coming to a consultant to build a project or you're going to anyone to build a project you can ask for i want really great quality i want a really great cheap price or i want it done really really fast you can have two of those but you can never have three of them so you can have cheap price and done really fast but then you might have lower quality if you want really great quality but a cheap price and it might take longer you can never have all three so if you are have no money one okay then that automatically limits uh your what you can do and then if you don't have any technical expertise well no technical expertise means that you have to put on cloud two right but then uh but then so then but then you say oh but i need web public facing web access those are three incompatible items right so if you
don't have your own it people that can deal with the amazon server you need to give it to cloud two just understand you know you're gonna have to live with certain concrete limitations the only way around that is to decide that you're going to pay someone like jacob taylor or some other consultant a service fee to babysit that server at a very high level we've done we don't normally support servers 24 7. we've had a couple universities and major corporations say richard we trust your team we love your team uh we want to pay you like a hot standby fee so if the crap melts we can dial you know get out the red phone like the bat phone call the bat the batman and call them in right and the red phone rings and we always we always answer 24 7. and so we would set up a phone number that would rotate and it would ring three or four different engineers and one of them
would answer the phone and that if the engineer answered it then they would get like a bonus on overtime or something right and they would take care of it at three in the morning if the server went down right so you're gonna have to do something like that somewhere someway somehow you have these competing items and you have to figure out what you can do i was asking if you have a vertical market solution like amazing widgets and she sells amazing widgets to five companies and they're all logging on to the same file i guess um you're providing that as a service that's really an sba kind of capability the the server rules for you are more relaxed carol if you were part of the sba program you could actually do shared hosting in that case shared hosting is where multiple companies share one server that's only applicable if you go through the sba program you apply and go down that road but um and most
use when she says at all plugins does that mean they are using plugins or not using it's like a little shorthand when it says they use email at all plugins um you know if the plugins are running locally then then yeah i mean it's just it's once again it's not a conversation of it's not a conversation of so much you know if you have hardware or not i think it's a conversation of do you have the ability to support the hardware anyone could go buy a computer online right i i mean i guess i'm not understanding it in the plug-ins yeah she's typing and working at the same time yes on plug-ins so they're using plug-ins at the client level if you're not using them on the server then you can use uh cloud two right cloud two once again go pro webdirect client plugins for pro only no plugins for go or for go or web direct um psos yes sassy no uh some level of
tech support yes all right so let's talk about ssl certificates you want to share your screen my rep miles jacob taylor are you ready to share your screen miles would love to share his screen uh yes can i let's see share my screen we're going to pick the second one make sure everybody that looks good and you see a server and maybe some good ad in the way you do see a server so why don't you cover today what the hell we are doing and and why does it matter so all right so yeah so sort of the the greater context for ssl it's like all right cool uh yeah you'll go pay 60 or 80 bucks for one of these things but like why um why do i need one why do why do i want one um those are great questions so out of the box filemaker does actually ship and i believe i misstated this on a previous stream at some point or maybe
in one of our videos that filemaker doesn't filemaker server doesn't ship with an ssl certificate it technically does um but it doesn't have a name on it like the dns name for that server and so one of the problems with that is if for example you're either filemaker go client filemaker pro web browsers if you're going to be doing web direct when those go and access whatever you know your database as a server resources they won't be able to validate that that the connection is secure and there are additional sort of uh you know the browser or filemaker pro or filemaker go can like mathematically verify yup uh not only am i not only do i know i'm talking to the correct server uh you know i can chase the chain all the way down and confirm you know everybody has endorsed this uh say this connection this certificate um that's what certification authorities do that's actually what you're doing when you purchase an ssl certificate as
you're you're taking your little thing to them and saying sir would you bless my would you bless my certificate and they go okay and they give you they give you a blessed version of it um and so what that lets your again your filemaker pro your filemaker go your web browser whatever um it can go and check and say oh yeah the server you know you connect to the server i'm going to log into my database the server says here's my certificate and so out of the box you've done nothing here uh filemaker here i'll actually show it i cleared this one out it comes with a certificate right that uh just says filemaker on it it says you know claris test certificate not for production use so your connections are encrypted but your browser your filemaker pro your filemaker go is going to look at that and go i don't know who that is uh that's some it's like bob's certificate and so when
you purchase a certificate for example from godaddy you're going to take your request to them and they'll give you the cert back when you install that what the way that this changes is that you're when you're when you do that very same thing you're connecting to filemaker server again web browser filemaker pro advanced filemaker go uh your those programs will validate that connection and they'll say oh uh right i have a signature here from godaddy godaddy says we're good to go uh you know the name that i've punched into filemaker and the hosts menu filemaker go or filemaker pro or uh the the domain that i put in my web browser uh you know all the names match you've got myserver.company.com and you know all everything all the way down says that godaddy's endorsed it you know everybody's sort of in agreement and there's some mathematical stuff i'm ignoring in there because it doesn't matter so much but basically they they endorse it and
your your computer can prove that can verify that um if that's the case you get that lovely green check box or the the little the little green lock and so what that actually does is that certifies that everything all of the different parts of the software that are involved in this are in agreement that you are connected to the correct server um and that's very useful because it means you're you you've authenticated that you're talking to the correct the correct machine on the internet basically so for example uh it would probably be a bad thing if you had um very important customer information it might make more obvious sense if you're in a say an interesting industry and you're connecting to the wrong server that's a very big risk for industries like that especially if one of the things that you manage in your filemaker database is intellectual property of some sort or another um it would probably not be a good idea if someone could
impersonate that connection um get in between you and your server and and grab your stuff uh off the wire that's not good so uh so can barefoot has a question i have a server that sits on our internal network that there's a way to use homegrown ssls yes um that is correct um and uh for a little additional technical detail on that um that is correct when you are a kind of the system administrator of all of the the things that might be connecting to your filemaker server for example um so uh this is especially applies in in a windows domain environment um if you know if everybody's sort of in the office or perhaps even working at home but they're all uh domain controlled computers when you are the administrator like that you can install your own uh like a certificate authority is a big company that's how you usually think of that think of godaddy or something like that but you can technically become
your own certificate authority so if you have control over the computer you can install that certificate authority in all of the all of the computers that you control and then that certificate authority can sign those certificates so the the it's the exact same conversation we just had uh the computers will connect but they'll look at the thing that you installed on their computer rather than godaddy or some of these other companies um for that verification and they'll find it it'll it'll work just just nor just normally so well okay so gigi on twitch is ask the question i'm just calling gg because i don't gian drea right um uh do you need a certificate when you're uh on a local network right well i mean do you do you need do you need one for security probably not do you need one because claris kind of likes that to a degree kind of almost yes right so um yeah i mean with filemaker server you
don't have to um but with cloud cloud is mandatory if you use filemaker cloud with clear with with cloud 2 or cloud one ssl is mandatory that you cannot not you cannot not have it right you have you must have it so if you have the filemaker server in your own network and people are not really accessing externally then yeah not really so uh david david oh david angel says what happens in case of ipad right so he's over there on the on the discord side right so okay jacob you can't type yeah i don't know you verbally have to respond yes no i actually don't no no that's i don't know the answer to that question um my understanding of ipads is that they are as secure as iphones so i suspect it would be difficult is the short answer if it's possible it would be difficult um i think you have to uh install something like a network profile or whatever those are called on the ipad
um but if you are already running your own certificate authority and installing that on all the computers and signing your certs that probably wouldn't be totally outside of your wheelhouse uh yeah but it is it's more stuff so yeah well if you initially you should go listen file ssl certificates for filemaker server are not required one two it will throw the little color icon up uh so you know that it's not secure it'll be red or orange or whatever color it happens to be okay if that doesn't bother you then you're fine if it does bother you and you want a little green locky check box thing then you need to invest in the ssl certificate it's really that simple well uh very interesting on that and so are you gonna go through the process here and show this in more detail yeah we're gonna we're gonna purchase one and install it um so we can do this kind of in two different parts i think
um which is we want to buy one and then we want to install it and we have to make stuff to install um so i'm gonna break that up we'll just run through the purchase really fast uh so for those of you who don't know we generally recommend godaddy um it's not because we're like in love with them as a company or something like that but the web page is pretty easy to use and they're okay um so you're gonna end up this is their homepage i'm logged in already we're gonna go to this might be on the bar but basically you're looking for web security and you'll end up on the ssl certificate page right here there's a whole bunch of other options so i'll just run through these really fast so this is the one that we're going to pick right here because you just want the one certificate for the server there's another conversation i have here about wild card ssl specifically those are
great and they make sense after i think about four and once you have about four specific certificates it starts making financial sense to just get a wild card um there's other reasons why you might or might not want to do that what a wild card certificate is is for example if we hosted all of our servers like you know our websites fm training tv if we started hosting all of our filemaker servers on that domain and we've got like server one dot fm training tv and server two and three and four and so on um we ordinarily might have to get individual certificates for each of those or for example um what these ucc san certificates are is you can put up to like five names in one certificate is how they do that um and so it'd be like servers one through five uh dot fm training dot tv so um and that's why they're useful that's it's basically a discount if you only if
you have like more than one but less than infinite you can do like the cheap price and get a san certificate these work fine as well um but let's say you know you're a big company and you've got like 27 servers and yeah maybe one of them's a filemaker server but all of it's hanging off your corporate domain like that um you know sir you've got the filemaker server dot and then you've got some web servers and some i don't know internal other application servers and what have you so if all of those are going to be on your corporate domain for example it might make sense to get a wild card certificate and what that means is in my example it's anything at all dot fm training dot tv will validate correctly um when you install that in the server so you can take that single certificate the the key and the what is it the key in the certificate file and the intermediates or whatever which
we'll get to in just a minute you can put those into any of those 20 you know 5 10 20 100 servers that you have they can all be on the same one um on the same certificate and so it'll just be you know you'll you'll add entries in your your dns that'll say yeah there's this server there's that server there's this other server and the none of that stuff matters you'll connect and it'll validate immediately um that's really cool so um i'm gonna go back let's see actually we're gonna do the purchase so uh we're gonna buy this we're gonna add to cart for most of our customers this is the one that you get uh i usually tell people it's like 80 bucks a year and that's because they give you a lovely discount the first year usually but you want to look at the the run the running cost not the cool discount that you get on the front end so we're going to add
this to cart we'll see if this doesn't um oh yeah actually hold on there's one other thing that i want to look at that i want to tell you guys about because it's another question that i get from people so i think that was on this list so there's all these other ones here so i talked about basically dv ssl certificates which is what these are there's ev ov san i mentioned in wildcard i mentioned so ev and ov are the other two to talk about companies like these or ask me about these basically they're more expensive and what they are is there's extended it's ev is extended validation and ov is organization validated what those are is you will you will like make the purchase and then you'll have to submit uh in this case i think corporate documents and then ev you have to like show kind of some kind of identity proof um to godaddy in this case or whoever the company is that you're
buying it from and so what what that does or what that used to do it doesn't anymore and this is why i don't recommend them what that does or used to do is for example on internet explorer if you guys ever remember going to a big website like microsoft.com or google.com the whole browser bar would glow green it wouldn't just not just a little green lock in the corner but like the whole thing would glow at you like green we're good to go that's what those were for now the reason i don't recommend it anymore frankly is because they don't do that anymore none of the browsers do that um they go with the green lock and they're actually getting rid of the green lock over time um really and so yes um i thought they want people okay why are they getting ready there's a long pro okay there's a long conversation about that the short the short version is they what they what they
learned what google learned specifically and they shared this research with everybody um is that people don't actually understand what those locks mean they don't it doesn't give them enough information to make um security decisions uh themselves right because that's the expectation that you're gonna look at the web address and know that you're supposed to be connecting to which server which page you should be on things like that p people regular users do not actually understand things like that um and the web urls the ssl locks and all that stuff like that was our attempt at like giving trying to give them the information um so that they can make those decisions and it just turns out that it's not the case like people can't do it in general highly technical users definitely can like of course i can i know exactly what page i'm supposed to be on and all that stuff um but but just for the general public that are not technical uh they
don't know what any of those things mean and they can't make good decisions with that information and so browsers one of the reasons and tech people complain about this of course it's one of the reasons browsers are kind of taking tools like that away from people is because most of the general public can't use those tools for anything useful and so the browser is basically slowly over time taking on the responsibility for making those decisions for detecting when it's a page that you're not supposed to be on you can go to your bank login and it's not the right page stuff like that they're trying to give more affirmative feedback where rather than just displaying some stuff around the edges that you might have to know to key into they're going to give you a bed block page that says hey we detected some funny stuff going on here you may wish to abort and if this is a fine if this is a financial page
please don't enter your login details here because we think it's wrong um and that is much clearer and and tells people something gives them direct advice as to what to do um that's that's harder right because then the browser makers and stuff are taking on that responsibility that's you know that's kind of in the other direction but it makes sense on a broad scale for non-technical users because the other stuff just they've done all kinds of studies people don't understand what any of the little icons mean so well it's a good conversation i'm glad we have it i think for people here there's more advanced people here for the most part right and i i i it's not so much the fact that people don't understand what to do with it for see for me if i had a like a big you know green a red indicator i would know that ssl was funky and if i was truly concerned about it i would go
find my i.t. guy and say hey what the hell is with the red check box but i guess a lot of people wouldn't do that and that's the point that's a real interesting that's a user interface slash user experience conversation like a nick hunter kind of conversation so um so gg so a couple things fm bob says that uh wimp to went back to godaddy for ssl good pricing and great support gigi i did post a questionnaire for you can you move a certificate from one version of filemaker server to another server like 18-19 yes that's the short version yes yeah because because the certificate is specific to your domain your company it's not specific to filemaker at all right in fact they don't have a clue that's filemaker that nor do they give it right all they know is that that piece of paper is organized and encrypted in such a way with your domain on it and you were the authorizing person to
create it um it could be installed on probably a bunch of stuff it just happens that filemaker server can or read that right so just understand these ssl documents are not specific to filemaker they're kind of generic so yep and then we did we didn't have a problem i'll go ahead as i was just going to say the final note for these ssl certificates um the other reason that you may have someone if you're a large company who who might want to have an ev or an ov certificate um is because they they come with more insurance basically that's one of the things i never talk about with ssl certificates there's technically insurance that comes with them and that's part of what you're paying for that's what the small amount of money is there's an insurance policy that comes with it some corporate lawyer departments uh corporate legal departments uh like to have excellent and broad and huge numbered insurance for things um that
are critic that they consider to be critical and so that might be a reason that you'd end up with an ev or an ov certificate also because they come with greater insurance so now we did we were talking the other day became a joke that we had a customer who was trying to um use a ghetto ssl certificate and then they were having problems and so can you uh just quickly revisit kind of what they did that you wouldn't have done and why why we were calling it the ghetto ssl certificate um can you tell me more about why it was being called that what it was it was like some super cheap ass not approved ssl certificate and then it would work i can tell you what's what can go wrong there um so the main thing sorry i'm like clearing this out so i can redo it so it'll go flawlessly through the main thing that people run into if you go to like a
bar that's a cute bug go to a bargain bin uh web you know ssl company or something like that and you can you can get the lowest possible price for it because you're trying to avoid spending money um so they don't like make that list of uh approved certificate authorities like as obvious as it used to be because it i think i think once upon a time it would refuse to install ones that weren't on the list or there were actual real problems when installing the certificates into filemaker server directly um that stuff is no longer the case but what i can tell you is if you go to some of those places that aren't supported and there's a list somewhere there's about six or seven certificate authorities um that claris has kind of endorsed uh if you don't go from one of those uh my understanding is that filemaker go is where the problem is most other certificates filemaker pro i think uses the operating system for
checking the certificates and stuff like that your browser of course does and then but filemaker go my understanding is it ships its own copy of all of the certificate authority information rather than utilizing the one that's built into the ios operating system and so it it is like unable to validate those certificates basically and so i don't know if that means it will actually reject you or if you'll just have to override the secure connection but you should avoid being in that position in the first place frankly um yeah charles just wrote over here he says wish they would integrate services like let's encrypt bypass etc into filemaker server for managing certificates that yes that would be lovely um there i'll just note though there are operational challenges with that and it's one of the reasons why rcc doesn't do that um so when you do let's encrypt um that is a free for those of you who don't know that is a free certificate
it's not a company actually it's a it's a non-profit um they're wonderful and i actually do love them um but they are and they are great for websites particularly because web servers uh that specific piece of software when you restart it for a new certificate uh it goes down it comes back up there's no waiting or work and you don't kick people off or like it's just it's much less disruptive and it only takes a second so um but that's that exact same thing that makes it easy when you're doing it on the website is difficult in filemaker server because filemaker server actually installs the ssl certificate into itself and then has to restart the filemaker server software in its totality um and that requires closing all the files kicking everybody off you know shutting down the server software and bringing it back up again and all that stuff well um and so yeah do me a favor because you you skimmed over this and only reason
i know the answer is because you explained this to me about two years ago you kind of skimmed over what let's encrypt is is it does this thing like like reissue ssls like every 90 days or something how does that work maximum 90 days yeah they usually renew every 60. okay so what does that mean so every time you restart your web server um or every time every 60 days it just automatically goes and gets a new ssl certificate correct and then once it when it does that it restarts your web server yeah to load the new so it so it issues like a shell command or something to apache for example or iis to restart that service okay great yes so that's what and that's that's actually what rcc's websites do right now they're all on let's yeah the problem is i think we were trying to do that we'll play with that with filemaker server and one is that um there's you know the servers
don't automatically kind of boot everyone out and restart uh happily every night right we don't do that and so it became much more of a manual process when we restarted the server the ssls would drop and it was kind of a so yeah it would be nice if they did that but it's uh i think claire's once again claris wants to invest in this cloud 2 technology or whatever they have beyond cloud 2. i mean i think we'll see some of that next week i guess they you know that gets into it kind of the futures and stuff we can talk about that tomorrow more more tomorrow but i want to get through this uh install today so let's keep going jacob yep so i'm just going to buy this um the the the reason that what this is this right here actually what you're staring at is the reason why we uh recommend godaddy specifically um is because you could you notice uh i haven't had to put
any domain information in here this is incredibly easy for clients for um ceo level people that aren't necessarily in your technical stuff um you guys will recognize yeah you're talking about me just be nice okay so i'm in fact not talking about you you have bought ssl certificates before um but but some others you know if you have somebody with purchase authority inside the organization you can send them into this and i'm going to hit done and that that's it like i haven't put in any domain information you know none of that stuff um okay yeah okay i'm scott in discord says i'm talking about him so yes scott i'm talking about you now um but uh i haven't needed to put anything in here i'm gonna hit purchase uh and that's gonna be it hopefully it purchases excellent love it great so um we'll have that now and so we'll go through this hey there's my email great to do i'm sure that'll come up on
come up over on my other side you might you guys might hear the ding um so i can't i can't vera 57 i will get to your questions today but i want to let him finish this first yeah i want to run through this really fast so we've purchased that and ding i heard the ding so we have that in our account now so i'm going to go over here go to my visit my account i'm going to see my standard ssl certificate in here wonderful and so we're going to set that up as what we're going to do but as you've noticed we haven't we don't have a domain yet so i'm going to skip a tiny tiny part of this because we don't need to do the dns or any of that stuff because we're reusing this 360 work server that you all saw previously this was one of the spokes this is the the one from virginia in fact um and so what we're going
to do is we need to generate this ssl certificate now there's two ways to do this and i'm only going to show one of them um the the one the way that we're going to do is there's the fmsadmin command line utility that can generate ssl certificates for you um and then the other way is if you were to for example use like an openssl command line utility directly to be honest that is how i personally usually do it but that's because i end up generating them on my just on my own actual mac and then putting them on the server instead of doing it directly on the server but for demonstration purposes we're going to do it sort of within filemaker so i don't even remember the command we're going to do this together um so you can use the help command this is fmsadmin this is you can do this on like on the server okay you can do that and so you can
do fmsadmin help and lots of other things but certificate i know is the the part that we're going to do so let's see if we look at this documentation here we're going to do fmsadmin and so the things that we're looking for are the actions so we're going to certificate we're going to create it says we're supposed to do and then here are the examples that you all want to look at right here this is what most people use right here basically and that's that's what we're going to use today actually that's like that top example right there is the most common one so you're going to pass two pieces of information one is again that that domain that is pointing at your server um this is an a record in dns if you want the technical details on that um pointing at the server's ip address and then the second thing is we're going to put a password on that key file so so
i'm going to pull up my filemaker because i've forgotten what the domain is uh that one okay wonderful so we're going to create um we're going to be 1701 b 1701b atrcc.com and then we're going to put that password in so we're going to do keyfilepass and we're going to use the most super secure password ever of password123 don't actually do that you should come up with something more complicated i recommend capitals uncaps maybe a symbol in there somewhere an asterisk or one of those curly braces or something like that we're gonna do that oh and i have to wonderful all right so what that has done is it has put um i forget i don't think it'll show us immediately i wanna i'm gonna check this just to see ah it does not nice okay wonderful so what we actually just did is i'm going to browse to this because this is where the there's actual just we basically just generated files
on disk so we're going to go into program files the filemaker server directory all the super secret security stuff is stored in CStore um i'm going to order by date modified and so that's going to be that today say really the 30th wow um so what we just did is we generated these two files basically the server key and the request the request is what we're going to actually use here so i'm going to edit this so this this will be the this will be the contents so when you when you i'm going to use this because i'm going to copy and paste it to godaddy basically but when you generate one of these the two files that we generated was the key and the requests so you give the request to godaddy they sort of verify all of the details potentially and then give you the certificate back and then what you will install later which is what we're going to get to very shortly is
you're going to install the key the certificate itself and then the certificate will come with an intermediate certificate file and you you do want that so we're going to do set up and it's going to say hey and we're going to say ah great we have one new certificate fantastic we're going to input a csr so this is a lovely convenience that choose a domain here so if we for example if we had all of our company domains in this godaddy account um and we bought the ssl certificate on the same one this would be like a big it's a it's like a typing box right now but it'd be a big drop down box with our domains in it and we could pick you know something atrcc.com and it'll it'll even give you if you have sub domains like in the godaddy dns like that's how you're managing everything all in one place um it'll give you that stuff so you can just pick it and
say yep and i want to give you you know give you the csr for it or whatever in this case we're going to input the csr and actually i didn't copy it so i need to copied it i'm gonna paste this wonderful and yep see that looks right wonderful so we're gonna do continue um yes that looks excellent so we're probably gonna end up with uh doing that i think i'm gonna agree um and those emails uh that yeah i should uh i don't know if i can go back i can go back perfect so these emails these are like standardized emails that everyone should have on their domains i know most people actually don't have these on their domains but all of these are technically supposed to exist rcc has most of them actually so the people can email us services on the internet if we are having a problem services on the internet can email us this is our like service domain atrcc.com so
there's no email or anything like that on it so those are going to go into a black hole but um so we're going to agree to this uh actually don't know why you would use starfield i think that's for legacy applications i believe um that's my understanding that's that's what i think so we're gonna hit go um we're not going to do anything with this and i think it's gonna email me about this they thanked me for my order so let's see if i get an email about this we may have to do something with the dns it's possible it may automatically validate itself though because as you guys saw we have the that the the wild card certificate i call it the asterisk certificate um on this account as well which means i may have already validated it so it may just automatically go but there's basically two ways to accomplish a validation one of them is you'll need to go into your dns panel
for your web domain which may be on godaddy maybe even in a different company rcc uses multiple companies for our stuff so we have domains in one place and then dns stuff in another for our specifically for our high value stuff um you may have to go in yes or high value stuff um so uh so in that case what you'll do is you'll you'll you'll either do one of two things there's a domain validation uh pathway where you basically put a file that godaddy will give you it's like a secret you can't know ahead of time they'll give you that file and you've got to put it in a particular place on your web server this in this case on our filemaker server and then go daddy will check that that's there and so that's one way to prove control over the domain is that you know you're able to modify files directly on the server by adding them stuff like that the other way that they
do it as i mentioned is that dns um and so what you what they might ask you to do is they'll give you a um it's called a txt record which is it's text um and so they'll give you a little snippet a little snippet of text it's maybe 30 characters or something like that um and you'll have to put that uh on your domain um and so then godaddy will go and look at your domain and they'll check it and they'll say oh hey they they put that chunk of text so we gave them on there great and so that proves that you can control it basically because you you made a change that they can confirm with information you would not have known at the start for example so um i don't know what we're waiting on here let's see we are waiting on domain control i have not received any new emails from godaddy which is what i'm hoping for canberra's got a comment there
says i can understand that they are not the oh he's talking about EAR and ssl so he was asking i'll i'll deal with this real quick so kimber's asking about EAR encryption that's where you actually encrypt the actual filemaker fmp12 file itself um for everyone who knows or doesn't know about this you it's a level of security not so much across the wire from hackers on the internet it's more about hackers or someone who gets physical control of the machine or a copy of the file if it's EAR encrypted they can't get into it it would take a super computer to kind of hit against it um yeah i think pambera is asking about whether they can uh like let's see close the file so yeah if you if you connect to the server like your remote desktoping on it or something like that and you open up filemaker on the server and then do the encryption with the developer utilities yes i'll just
warn you though that there's a high likelihood of shooting yourself in the foot with that actually um and that is because um when the file is on filemaker server the if you have any external container data it is stored outside the file in a different way than if you're using the file like locally on your desktop or something like that and so you have to be careful to like rearrange the container data and then arrange it back again afterwards um which is kind of annoying that's right because there's a path change difference there i ran to that the other day i can't remember i should i should figure that out and shoot a video on that because it's one that i intermittently get burned by um yep i'll add that we were gonna have that one client that we went back and forth for for a while they have uh they had about 30 gigs of external container data and needed assistance with that because you have
to bring you have to bring the container data up so it's next to the database do the EAR and then once the EAR is completed it it re so EAR-ing the database also i believe re-encrypts or at least reprocesses all of the container data so it has to be there um if you do the EAR and the container data is not there i think that here that your process fails is my understanding um and because it can't find any of the files um and if you put it there it'll it'll like reprocess everything and then you take whatever that EAR-ed output file and then you have to put everything back again and then make the file live so yeah i wouldn't want to EAR and un-EAR and EAR and un-EAR i just think you'd either go one way or the other my biggest problem with EAR is that people say yeah yeah yeah one ear one ear yeah yeah yeah yeah yeah and then these are the
same people who lose their pin number to their atm and crap like that and so they lose permanent access to the file like for forever right and so it's kind of scary um people so sometimes we say hey let's not EAR it um and then or if we're gonna like write the code down you're gonna write it down this people i literally tell them remember it used to be the joke don't put it on a post-it note on your desk i tell people put it on a post-it note on your desk and five other places too that way after you know you've moved on to some other company or whatever happens and then you need to find that password you can find it right so please put it on a post-it note on your desk would be really awesome yes and gave us a certificate excellent cool um and yeah uh per scott henderson made the comment about your open and uh basically the comparison between
open and secure storage for your container data uh yeah EAR-ing the database i don't believe encrypts the um the externally stored container data if it's open storage type okay but that's a separate topic so the on the on the oh on listen so here's the deal with open storage don't do it and it's not because i believe in encryption or anything that like that listen here's the deal operating if you don't if if you just are do the generic rookie deal and you say make it open storage even if i even if a file is totally unsecure i make the the the ss i make the containers secure because it takes the files and it breaks them down into multiple component parts and spreads them over a lot of directories if you have open storage filemaker will take all the containers for the entire file and stick them in one directory and so in an operating system when you put 10 000 or 20 000 items in a
single directory your operating system can choke and quit working and or crash and um the number sims always kind of increase a little bit but i there was times in five within the last five ten years where i could crash the mac because there was too much open storage in a container in a single directory and so i had to write my own routine to like put it in different directories if you just do secure storage it shreds it and then it breaks it across 50 100 different directories that are in that little secure directory and so it's not a problem it's just an operating system limitation i highly recommend you do it that way if you don't you're going to screw yourself just because there'll be a problem so yeah and there there are implications to that just to be clear i want to address canberra's comment too about um insider threats basically is thinking about that right most businesses don't want to be distrustful
of their employees and that's perfectly understandable but it isn't and it's that might not even be quite the right way to frame it because the other part that you can think about is not uh for example if you're even if you are in love with your IT department uh there's no need there's no not necessarily a reason they need to be able to access those files open in the directory um and if they do you might if you have users that need that you might question how that process works and if there's a way that you can make it more secure because what that will allow you to do in the future if you're not doing this already is limit you know limit everything to the users who need to log into filemaker and then within that the if you have the privilege set set up to limit user classes of what stuff they can access and so that'll limit for example which documents they could feasibly even get
access to um and so you you eliminate the whole conversation about well maybe the it guys can see it you know because maybe they're the only ones with access to the server directly like that or whatever you can just you don't even have to deal with that whole conversation um the the container data is encrypted it's out on disk it's nice and scalable the way that you want it to be and you just don't have to worry about that you can build your solution to do the work of preventing the users who actually use filemaker the right ones from accessing which things so cool cool cool cool questions we have where are we at let's pray we're pretty much done here are we just about done yeah we're just about to be done so i have to download this and then install it um so we're gonna do so all right so this is one of the not obvious things as everybody here knows we are installing this
in a windows server um for a lot of people oh right um so i come over to this page they go server type uh and right this is obviously kind of a list of operating systems maybe my linux exchange is okay i asked mac whatever so the problem is is that we're not so the obvious one here is i get a lot of people that pick iis here because yeah actually we're on windows so iis is uh like the correct choice it's super logical um the problem is that we are not giving the certificate to iis we are giving the certificate to filemaker and so uh filemaker is what does the ssl certificate installation technically if you want to think about it that way and so we we you know hand over the pieces and say hey go and it it does the install work so the the issue with picking iis here is that it will give you the certificates formatted in a way that
filemaker can't understand and so it'll it'll refuse as a short version it just tells you no i can't do that so we pick other um which gives you the certificate in the most generic form possible so i'm going to download that that's going to go show up on my computer see yep key file pass correct um yeah the content yeah david angel you are correct and you're going to paste in godaddy and then you're going to wait for them to trust you yeah so they're going to email you or you're going to do the txt record like i said there's a third one if you need to do the html like i mentioned there's a like a little code that you can put in an html file that one's kind of annoying on windows specifically because parts of it are just kind of hard on windows um but they'll give you directions for how to do that so if you can uh stringently follow directions you'll
be fine basically um okay so here we now have our 1701b uh certificate that we did so i'm going to extract and we'll end up with our lovely folder here um so we're going to do the install because oh actually we're going to we're not going to do the install we're going to log back in so we're going to come in here we're going to go to configuration uh we're going to go to ssl certificates and we're going to import and so this will be what most of you will be doing it'll be something like what i'm about to do you're going to pick so this certificate the from godaddy anyway they named them hilariously so you want this one uh it's whatever gobbledygook.crt um and then the intermediate is the other one that's cool so we're gonna have to do the gd bundle um and then actually the private key file this part is going to be funny because i don't think i
can type that in because i can't see the bottom of the window this dialog doesn't work on small screens so let's see so we're going to go into filemaker and we're going to pick that key that we picked previously right that i showed you guys like i ordered by date and we see request so we're going to pick this and that goes that's your private key file specifically we generated that earlier i think this doesn't work yeah because they pinned it to the window basically the problem the problem with it is this this modal the import certificate thing it has like a minimum height from the top of the window and it shouldn't and so it means that if you're on a tiny short screen like we were because we're trying to do 720 like you can't it doesn't work so um so there's oh yeah password one two three that's right do three uh so we're gonna do import and it's gonna give us a lovely little
message it'll be like so we're gonna restart um and so on mac you'll have to do this i guess we're demonstrating on windows on mac all of this stuff is basically the same uh except that filemaker servers in the library folder instead of program files but that's basically the same thing um yeah because carol is asking the carol is asking the differences between i guess mac and server she says server type equals other on mac 2 or use mac yes yep yep server type equals other on both um yeah uh i think actually on mac technically apache would get you the correct thing but i that's not worth i would just pick other because that's always going to be easier and it's an easier rule just pick other um so on mac uh and i want to note this because of these things a couple of the file paths right you can be using finder instead of explorer et cetera et cetera mostly these
processes are exactly the same um you'll you'll open terminal instead of powershell etc um but you get you guys know that you you know the programs are somewhat similar the command line program basically so but but the one big difference is on mac um you'll need to do the restart on the command line as well um there isn't a uh like on on windows i'll show you here actually also so i'll hit ok and we'll do that so i'm going to open the start menu we're going to go to services this thing doesn't exist on mac um like this way to manage all the system services and stuff uh there are like ways to get access to this information but not in a you know pretty right click restart whatever sort of way and so you might want to look up the command david angel you should uh not classify them based sorry he's asked he's confused about the different file type names um don't classify them based
on the file extension the pem versus cert versus whatever because you need to think about the different file names themselves yeah the file extension matters because that's what format it's in but often other other companies other than godaddy for example will give you additional files that i have not even shown you here and you'll be further confused so you want to you want to be able to look at what your look at the files they've given you and know which ones are right often they'll give you something like a bundle except for other companies they do call it the intermediate certificates but it'll be in PEM format for the certificate itself they'll give it to you and there might even be multiple just like that where there was a PEM format one and a cert format one you you know they'll do the same thing except you'll want the cert format one so um i can't i can't give you a hard and fast rule on that
because there's 600 odd certificate authorities if you're going to go with one of the other ones because you don't care about filemaker go at all um then ever all of them do it slightly differently so um anyway so so to restart this uh we're actually just going to do restart and that's going to kill my stuff in the background technically you want to close the files first but there's absolutely nobody on the server right now if there are people on the server um when i hit ok and i went to go restart the stuff you want to close the files down and boot everybody off at that time that's that that's an excellent time to do that and then you can come to the services menu and restart everything um but we don't have um doesn't matter so much because there's no no one on the server right now okay so uh yeah just so to follow up with what to follow up with what he just jacob
just said is that if you tell the server to restart and and it is possible for it to not shut the files all the way down and just to blow itself up it that can happen so it's always better technically to ensure that you shut it down and now someone say oh that was a bug that was fixed in filemaker version what except i wouldn't know that because claris doesn't tell us generally when they fix bugs right and so i've i've had a they tell me that stuff is fixed and i've had 18 servers uh not 18v4 so far um but earlier versions of 18 servers i have had them because they're running for a very long time if you don't close the files before you do something where you're restarting the filemaker server software it it just crashes out and so if those files are closed when it crashes out we don't care it's fine it doesn't hurt yeah but wait but then if they what are
the rule everyone if we cr not all the experienced people the inexperienced people bunnies here what is the rule if you crash a file on filemaker server what do you do bunny not scott all right so then um we'll wait for bunny's answer uh on the uh domain there's a domain here gigi asked a question i don't know what i should use for a domain and i said well gigi what what website do you folks have any and it's in there in discord if you look at that uh jacob oh they're consulting sites it would be like happy database you know happy fms dot it's a sub domain so you want to just walk vaguely through that real quick yeah so most of our customers pick uh names like fms uh filemaker fmp for filemaker pro um app dot uh if they're like not super into naming it after filemaker specifically um just stuff like that there's a couple of our customers that have named it based
on the actual not like their database name but kind of the app the general application name because they're going to have third parties that are that don't work for them logging into it stuff like that for example via web direct um so it's kind of a personal preference on naming to be honest um you could you know name it raja or or a flower or you know whatever right and it's naming servers so as long as you guys if it's only used internally it probably doesn't matter that much um but okay you can get interesting so carol did answer a question if you crash your filemaker server or any filemaker file and you like the file you always use the backup you don't use the crash one so good job on carol with that i think we lost bunny in the process um and then uh you would register that sub domain with your registrar right first right wouldn't you do that would you register the
fms with them or do an entry on the right with the domain that is yeah that was what i mentioned um you're putting that into your as a dns entry an a record uh that may be so if if you've kept everything all in one place that will be wherever you buy your domain um most domain places these days they they do they handle the dns end of it too um if you're a larger corporation often you'll either separate those out for resiliency liability access et cetera purposes and so there might be a different place that you go to edit the dns settings or you have IT people and you say hey i need this thing added and they can either go up their chain for approval or if you're their boss then you tell them to do it so um but that but yeah basically you'll you'll go to generally for most of our customers they'll go to the place that they get their domains from um
and add that as an entry okay great um cool and then once you have that then you do this ssl process so it's that step the the domain first then the ssl um in that order david angel he asked i we inserted three three files into the certificate so that's the sorry three files into filemaker server uh that's the certificate the intermediates and the key um we gen so he he asked which one were received from the certificate authority so that's the certificate and the intermediates i'm just calling them intermediates they are intermediate certificates um there's a whole bunch of technical reasons for that that nobody actually cares about but you should put them in if you have them put them in that's the short version it guarantees a higher likelihood of a green uh lock in filemaker for example um and then the one of those three that was generated by the fmsadmin command is that serverKey.pem so okay so yeah
and then david angel uh he's asking for registering a filemaker server domain you have to create an a record yes uh do not use a cname and then carol carol just asked right behind that so before i do the domain i need a static ip yeah so generally static ip first then the domain in the domain will point the a record it'll point to the ip then once you have those two steps done then you go to the ssl certificate people and you go down that road and if this all sounds really stupid and crazy just send an email to support rc consulting and if you want to have jacob spend an hour or whatever to helping you that's fine yep so yeah that's gener generally ssl is done in an hour we can usually even if you've got crazy hairy uh wild stuff all over the place we can usually figure it out in about an hour so yeah so if you want to take a crack at
it or if you just want to save yourself the gray hair then you can just skip the jacob part so just a matter of what you want to do i mean i listen i've been there when my company was starting and was broke as piss and didn't have any money and i had to do it all myself and then you you know get farther along and then you like get some really good i.t. guys that you or gals guys whatever loosely that'll do the job in fact we have uh masha she is quite uh exceptional at mac setups we like her windows she has no idea mac setup she's quite good so uh cool so yeah right on okay so tomorrow's gonna be open q a day are we pretty much good at this point i think we're done right yeah yeah we have an ssl oh i should uh should i demo this here i guess he could um let's let's refresh hey look and we get our
big lock and it's all green and we see the valid and it's got our name on it so check check check very good so we appreciate it we'll see you tomorrow for a live stream if you have questions you want to continue the conversation check us out at discord.com as a reminder for those of you who are lurking definitely check out our live training schedule here at fmtraining.tv hit the button on the tab over here the live button and for those of you who have not bought our bundle please go buy the bundle if you're lurking buy the bundle because this helps support the channel that way i can pay jacob jacob wants to get paid for his time he doesn't work for free so that's how we do that right everyone catch you tomorrow
Daily Open Q&A with FileMaker Experts. Questions about Installation, Upgrading, Purchasing or How to make FileMaker work for you in your company to increase ROI.