Artboard
Managing OttoFMS

Using Custom Certificates

OttoFMS and OttoDeploy trust the certificates in your operating system's trust store by default, with an option to add extra certificates on Windows and Linux.

Requires OttoFMS 4.18.0 or later.

As of OttoFMS 4.18.0, OttoFMS trusts the certificate authorities already installed in your operating system's trust store by default. If your internal or corporate CA is trusted by the OS on the machine running OttoFMS, OttoFMS will trust it too, with no extra configuration required. This works the same way on Windows, Linux, and macOS, and there is no way to turn this default trust off.

If you're using a custom or self-signed certificate that isn't already trusted by your OS, add it to your OS trust store using the instructions below for your platform.

Windows and Linux

On Windows and Linux, add your certificate to the operating system's trust store using your OS's standard tools (for example, the Certificate Manager on Windows, or update-ca-certificates/update-ca-trust on most Linux distributions). Once the certificate is trusted by the OS, OttoFMS will trust it automatically.

If you'd rather not modify the OS trust store, you can instead point OttoFMS at an additional certificate file using the NODE_EXTRA_CA_CERTS environment variable. This is useful for certificates that aren't installed system-wide, or for testing a certificate without changing the OS configuration.

macOS

On macOS, add the certificate to the System keychain and it will be trusted automatically:

  1. Open the "Keychain Access" application
  2. Select "System" from the keychains list on the left
  3. Drag and drop your certificate file into the certificate list
  4. Double-click the imported certificate
  5. Expand the "Trust" section
  6. Set "When using this certificate" to "Always Trust"
  7. Close the certificate window (you may be prompted for your administrator password)

Verifying the Setup

After adding a certificate to your OS trust store (or setting NODE_EXTRA_CA_CERTS), restart OttoFMS for the changes to take effect. You can verify the setup by checking if OttoFMS can successfully connect to your services that use these certificates.

Common Issues

  • Make sure any certificate you add is trusted at the machine (system) level, not just for an individual user
  • On Windows/Linux, if you're using NODE_EXTRA_CA_CERTS, verify the path is correct and absolute, and that the file is readable by the user running OttoFMS
  • On macOS, ensure you've added the certificates to the System keychain, not the login keychain
  • Remember to restart OttoFMS after making certificate changes

Troubleshooting

If you encounter issues, Windows and Linux servers will log errors to the otto-error.log file. If you are still not seeing anything, turn on debug logging and check the logs.

Using Custom Certs with OttoDeploy

When using OttoDeploy with servers running custom certificates, you'll need to add the certificates to the client with OttoDeploy open (the machine where the OttoDeploy window is open). You can do this on Mac by adding the certificates to the System keychain. On Windows, you'll need to add the certificates as trusted roots into the Edge browser, as this is what FileMaker is using as a browser client.

Was this page helpful?

On this page