FileMaker Server 2026 FMSAdmin CLI import certificate error 184

We have a wildcard SSL with a passcode that we install on new servers with fmsadmin CLI. This fails with error 184 file invalid with FileMaker Server 2026 on Ubuntu 22 and 24. The identical command line with the same SSL works as expected with FileMaker Server 2025.
Anyone seen this or have any insight...

Thanks

Tossed your post into Claude, and this is what was returned:

This is a documented, known bug in this exact FMS 2026 release. Per Claris's own release notes: using an SSL certificate with a passcode prevents access to databases from OData and xDBC, and Claris's stated workaround is to use an SSL certificate without a passcode.

That's the OData/xDBC symptom of a broader regression — but it confirms passcode-protected certs are specifically misbehaving in FMS 2026 in ways they didn't in 2025. Also worth noting: FileMaker Server 2026 upgraded the underlying OpenSSL library to version 3.5 LTS, which is a likely root cause — OpenSSL 3.5 is stricter about PEM/PKCS#8 passphrase encryption formats (particularly legacy RC2/3DES-encrypted private keys) than older OpenSSL builds. If your wildcard cert's private key was encrypted years ago with an older cipher, FMS 2025's older OpenSSL would happily decrypt it, while FMS 2026's OpenSSL 3.5 may reject it outright — manifesting as "184 file invalid" rather than a clearer passphrase error.
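To see which format a passcode-protected key file actually uses before re-issuing anything, the following sketch reads the PEM headers and, for PKCS#8, the encryption algorithm OID, without needing the passcode. It is an added example, not part of the thread and not Claris code; `classify_key` and `PBE_OIDS` are names chosen here, and it reports the format only, not what FileMaker Server accepts.

```python
import base64
import re

# Well-known password-based encryption OIDs (PKCS#5 and PKCS#12).
PBE_OIDS = {
    "1.2.840.113549.1.5.13": "PBES2 (PKCS#5 v2)",
    "1.2.840.113549.1.5.3": "PBES1 pbeWithMD5AndDES-CBC",
    "1.2.840.113549.1.5.11": "PBES1 pbeWithSHA1AndRC2-CBC",
    "1.2.840.113549.1.12.1.3": "PKCS#12 pbeWithSHAAnd3-KeyTripleDES-CBC",
}

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(raw):
    """Decode DER OID content bytes into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_key(pem):
    """Describe how the first PEM private key in the text is protected."""
    m = re.search(r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        return "no PEM private key block found"
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 EncryptedPrivateKeyInfo
        der = base64.b64decode("".join(body.split()))
        _, start, _ = _tlv(der, 0)          # outer SEQUENCE
        _, start, _ = _tlv(der, start)      # encryptionAlgorithm SEQUENCE
        tag, start, end = _tlv(der, start)  # algorithm OBJECT IDENTIFIER
        if tag != 0x06:
            return "PKCS#8 encrypted, algorithm not parseable"
        oid = _oid(der[start:end])
        return "PKCS#8 encrypted, " + PBE_OIDS.get(oid, "OID " + oid)
    dek = re.search(r"^DEK-Info:\s*([^,\s]+)", body, re.M)
    if "Proc-Type: 4,ENCRYPTED" in body and dek:
        return "traditional PEM encryption, cipher " + dek.group(1)
    return "not encrypted (" + label + ")"
```

Pass it the text of the key file, for example `classify_key(open(path).read())`, where `path` is wherever your key is stored.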

Thanks. So the encryption used by the fmsadmin CLI to create the CSR used to request the certificate may well be old enough to use the older encryption and fall foul of the newer requirements. I have a couple of follow up questions:

  1. Is it clear that a CSR created by the 2026 fmsadmin CLI with a passcode will work as with previous versions of FileMaker Server?
  2. Are there any security implications of NOT using a passcode?

I don't want to go to the effort of redoing the SSL for all the servers unless it resolves the issue.

Question: would it be feasible to use the automated Let's Encrypt SSL process from Admin Console with the auto-updater? With the new 200 day expiration of traditional SSL approaches, automating the whole process with a free Let's Encrypt certificate using a Claris blessed and enabled path might be beneficial. Removes a bunch of legwork, and takes just a couple minutes to set up.

We have been considering this, however there are problems.

We have servers running fms 19 to 26, and want a consistent approach if possible.

As we have servers in multiple time zones and servers need restarting after renewing an SSL certificate, we want to be in control of when SSL renewals happen. To date we have used Ansible to close databases, install new SSL, reboot servers and reopen databases at a time of our choosing.
Also the Ansible playbook for building new servers uses the Admin API to configure FMS, which really needs the SSL installed. It may be possible to install a Let's Encrypt SSL as part of the server build with Ansible.

I guess more research is needed…

Can't speak for versions prior to 2025 as my memory is not cooperating. I regularly update SSL certificates at fmcloud.fm and FileMaker Server 2025 and 2026 don't require a restart.