This discussion has been locked.

FileMaker does not accept reverse proxy SSL certificate

Hi people,

I hope this is the correct forum. It took me some time before I found out how to even post a question.

I have this FileMaker database server which is sitting in the private network. Using NAT, I have configured all traffic over port 5003 to go to the internal IP of that server.

Because it is using SSL encryption, I have set up a reverse proxy entry for https, and linked my domain's wildcard certificate to it, and I am passing host headers.

That worked fine until some months ago, don't know exactly, probably after some upgrade or update.

Now, when I connect from the outside to the server, it is telling me that the certificate is invalid. There is a button to look at the certificate from that dialog, and it shows that all parts of the certificate (cert, intermediate, CA) are OK.

This does not happen when I connect from the inside, using the same DNS name.

I realise this is not exactly mainstream HTTP/HTTPS proxying, but just maybe someone has experience here with this particular setup.



  • I used the excellent tool on SSLlabs.com ( https://www.ssllabs.com/ssltest ) and discovered that the intermediate certificate is incomplete.

    So I think the WAF handles the main (wildcard) certificate, but not the intermediate one.

    Which appears logical to me, because the WAF web interface only lets me configure the main certificate.

    Could that be the reason?

    If that is the reason, could there be some way to make a certificate file for the firewall that includes both the main certificate and the intermediate one?
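
An added example, not part of the original thread: one common way to build the combined file the reply asks about is to concatenate the PEM certificates, server certificate first and intermediate second, then check that the result chains to the root. The throwaway PKI, subject names and file names are constructed for the demo, and whether the WAF's upload form accepts a multi-certificate PEM file is an assumption.

```shell
#!/usr/bin/env bash
# Added example. Subjects, file names and the throwaway PKI are constructed.

# Create a demo root CA, an intermediate CA and a wildcard leaf in directory $1.
make_demo_pki() {
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# build_fullchain LEAF INTERMEDIATE OUT
# Server certificate first, then the intermediate. Re-encoding each file with
# "openssl x509" drops stray text and guarantees a newline between the blocks.
build_fullchain() {
  { openssl x509 -in "$1" && openssl x509 -in "$2"; } > "$3"
}

# Number of certificates in a PEM file.
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# chains_to_root ROOT FILE: verify the first certificate in FILE against ROOT,
# using only the certificates inside FILE as intermediates. This is what a
# client with no cached intermediate has to work with.
chains_to_root() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  build_fullchain "$d/leaf.pem" "$d/int.pem" "$d/fullchain.pem" || return 1
  chains_to_root "$d/root.pem" "$d/leaf.pem" && echo "leaf only: OK" || echo "leaf only: chain incomplete"
  chains_to_root "$d/root.pem" "$d/fullchain.pem" && echo "leaf+intermediate: OK" || echo "leaf+intermediate: chain incomplete"
  rm -rf "$d"
}
demo
```

To see what a proxy actually sends during the handshake, `openssl s_client -connect <host>:<port> -showcerts` lists every certificate it presents.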
