Managing Server Certificates
When you use the gRPC protocol for connections between the M-Files server and M-Files clients, a valid TLS certificate must be in use on the server for connection security and encryption. If the certificate cannot be found, it is outdated, or it will become outdated in a week or less, a warning icon () is shown in the M-Files Admin user interface.
Before you start, make sure that you have a TLS certificate and a private key for the certificate. For information about digital certificates, refer to information given by certificate authorities. For example, Verisign, IdenTrust, or DigiCert. You can also create your own certificate, for example, with OpenSSL.
The best practice is to use certificates by well-known public authorities, such as certificates that are commonly used in public web servers. Otherwise, when you use self-signed certificates, you must add the corresponding public keys to the Trusted Root Certification Authorities certificate store of the client computers. This way the signatures can be properly verified on systems that access the M-Files server with gRPC. Make sure that you add the signing certificate under the Local Computer and Current User certificate stores. The client computer must be able to verify the entire certificate chain. If any of the signatures cannot be verified, the connection cannot be opened.
To set up a server certificate: