FQDN - SSL - VPN

Hi there,

As OttoFMS is only reachable via FQDN and SSL, is there any chance I can deploy our solution to customers whose FileMaker Server is only accessible internally ( → VPN → access via internal IP → no SSL → no OttoFMS)?

Thank you so much,
Mario

Hello :slight_smile:

Currently it isn’t supported, however we haven’t ruled it out entirely for the future.

After years of trying to support IP addresses without SSL I can say that it is quite difficult to do well. The easiest and cheapest solution is to get a certificate and a domain and install it on the server. This will make everyone’s life easier in the long run.

But after the public launch we will take another look at it, to see if it is something we can do well.

We also have an Ottomatic feature in the works that will create a tunnel from your OttoFMS server out to the public internet where you can get a FQDN. That will solve a lot of firewall or internal network related issues. There will be a monthly fee for that; we haven’t decided what that fee would be yet. We expect that feature to be out sometime in Q2.

Let us know how important this would be to your customers. How many of your customers don’t use SSL by percentage? That will help us judge how important this is.

Thanks

Todd

Hi Todd,

I fully agree with you, using SSL is the way to go for many reasons. However, the problem is, I think, not on the SSL side per se. I’m not a network guru at all, but the way I understand it, the FM server must be accessible from outside for the SSL certificate to verify the host. However, as our databases store critical data, most of our customers prefer on-premise installation without the servers being reachable from outside. Home office users have to connect via VPN and the same is true for the FM server that performs the update/deploy/migration.
To my understanding, customers would have to set up a DNS server to translate the FQDN to the internal IP address of the server if they want to connect to the FM server from the intranet. Is that correct?
Further, could I configure the hosts file of our deploy server to translate the FQDN to the internal IP address to deploy to remote servers via VPN?
Thanks a lot.

Hi

To use FQDN and an SSL cert, something needs to direct the FQDN to the correct IP address. That could be a DNS server either inside or outside the customer’s VPN/network.
Or it can be done using the hosts file. But that will only work for requests originating on the computer with the modified hosts file.

One thing that makes this a bit easier is that the FileMaker server that is installed at your customer’s location doesn’t really need to be reachable from the outside. You will need to be able to get to the server and start the deployment or migration, but you can do that through the VPN. OttoFMS on that server will reach out to wherever your new development copies and clones are. As long as that server running inside your customer’s network can reach out and connect to those URLs, the deployment will work.

If your customer blocks outbound requests that will still be a problem, but most people are blocking inbound traffic, not outbound traffic. But we have a solution for that too.

You can make a “build” or a release version of your software, and send it to them. They can host it inside their network, and they will be able to do an upgrade. Or you can do it for them.

But right now, today, Otto requires a FQDN to start the update/deploy/migration. After engage we will take another look at supporting IP addresses.

Hope that helps

Todd
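
The hosts-file approach discussed above, as an added example that is not part of the original posts and is not OttoFMS code: it parses a hosts file, looks up the FQDN, reports whether the address is internal, and checks the name against the DNS names in a certificate. The hostname, IP address, and certificate names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file for the deploy machine (names and IPs are made up).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# customer FileMaker Server, reached over the VPN
10.20.30.40 fms.customer.example fms   # internal address
"""

# Constructed list of DNS names from the server certificate's subjectAltName.
SAMPLE_CERT_NAMES = ["fms.customer.example", "*.apps.customer.example"]

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text; first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly the leftmost label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        _, _, rest = host.partition(".")
        return bool(rest) and rest == pattern[2:]
    return pattern == host

def check_target(fqdn, hosts_text, cert_names):
    """Summarise how this machine would resolve fqdn and whether the cert covers it."""
    ip = parse_hosts(hosts_text).get(fqdn.lower().rstrip("."))
    return {
        "ip": str(ip) if ip else None,
        "private": bool(ip and ip.is_private),
        "cert_ok": any(name_matches(n, fqdn) for n in cert_names),
    }

if __name__ == "__main__":
    print(check_target("fms.customer.example", SAMPLE_HOSTS, SAMPLE_CERT_NAMES))
```

The certificate check depends only on the name the client connects to, so a private IP behind the hosts entry still passes while connecting by the bare IP does not.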

Hi again :slight_smile:

I just took a quick look into this issue. We should be able to use Claris’s self-signed cert that comes with FileMaker Server. It won’t work right now, because OttoDeploy will reject it, but I think we can get it to work in a future release.

Thanks

Todd

Hi Todd,

this would be very helpful because:

…means, that the customer’s server would still have to be accessible with its FQDN, otherwise I cannot define it as the target server, even if I run the deployment on it - if I’m not missing something.

However, I’ve run some tests and it works like a charm. This is really awesome and puts large scale FM development on a new level :+1:

One little issue: The files selection popover in the deployment section should be scrollable :wink:

Happy weekend, Mario

Thanks for the feedback on the file list. Yes, that should be scrollable. :slight_smile:

I think you have the rest figured out as far as it can go right now. Let us know if anything else comes up.

Thanks

Todd