Back in 2016, we discussed how Bonjour can interfere with obtaining a proper SSL ‘green lock’ for your FileMaker Pro and Go client connections.
Bonjour is Apple’s zero-configuration networking service. It helps you locate other devices on your network, like printers, iPads, and more via a local network and records on a multicast Domain Name System
Unfortunately, your list of Local servers is populated through Bonjour.
Server Verification Issues Caused by Bonjour
When you select a server from the Local list, the bonjour domain suffix of .local is used to connect to the server instead of the server’s actual DNS name. Since the server’s DNS name is on the SSL certificate, FileMaker Pro and Go, will warn you that they cannot verify the server’s identity. The name used to address the server simply does not match the name on the certificate.
If you proceed past this warning, the connection itself will show an orange lock due to the name mismatch between the server with the .local suffix and the name of the server on the SSL certificate (m1-01.ets.fm in this case).
How to Navigate This Bonjour Issue
Picking a server from the Local list is not ideal. So how can you avoid this scenario by making sure your server does not show up in that list?
On Windows, you can opt out of Bonjour when you install FileMaker Server. The original blog post we mentioned shows how you can remove Bonjour on a Windows machine if it did get installed.
On macOS, Bonjour is integral to the operating system. You do not get a choice to not use it for FileMaker Server. The same is true on Linux. (FileMaker Server installs bonjour-like functionality by way of Avahi mDNS.)
But now you can control whether your FileMaker Server is visible through Bonjour. FileMaker Server 19.2.1 (released in December 2020) introduced a neat little feature that has not been talked about a lot: the ability to toggle your FileMaker Server’s discovery through Bonjour.
On your FileMaker Server, go to the command line and type in:
fmsadmin get serverprefsToward the bottom of the settings, you will see one named ServerDiscovery. It is active by default on Windows and macOS and off by default for Linux.
If you want to hide your server from the client’s local list, simply set the preference to false:
fmsadmin set serverprefs ServerDiscovery=falseYou can make this adjustment live; it does not require a restart of FileMaker Sever. The change will take effect immediately.
Problem solved. This solution is a lot more elegant than trying to remove bonjour or decouple the FileMaker Server service from the bonjour service, as we show in our 2016 blog post.
Thanks Wim, incredibly useful as always. Exactly what I was looking for.
This is great, will it work with FileMaker Server 18 on Mac OS? Once I’ve done this, how can I change my host name on this Mac so that it matches my full FQDN in the GoDaddy SSL certs?
I’m afraid you’re looking in the wrong place. Your Mac’s host name doesn’t come into play when your FMS has a custom SSL cert. The DNS resolution of the FQDN happens at the DNS server, which retrieves the IP of your FMS to know where to send the traffic, not the host name. The machine’s host name does not need to match the DNS name.
But to answer your question: it’s a 19.2 feature, so it doesn’t work with FMS 18. If you have 19.2+ then yes, turning off bonjour for FMS on macOS works the same as on Windows or Linux, it’s just an FMS configuration.