Managing Server Certificates

Note: This content is no longer updated. For the latest content, please go to the user guide for M-Files Online. For information on the supported product versions, refer to our lifecycle policy.

When you use the gRPC protocol for connections between the M-Files server and M-Files clients, a valid TLS certificate must be in use on the server for connection security and encryption. If the certificate cannot be found, it is outdated, or it will become outdated in a week or less, a warning icon () is shown in the M-Files Admin user interface.

Before you start, make sure that you have a TLS certificate and a private key for the certificate. For information about digital certificates, refer to information given by certificate authorities. For example, Verisign, IdenTrust, or DigiCert. You can also create your own certificate, for example, with OpenSSL.

The best practice is to use certificates by well-known public authorities, such as certificates that are commonly used in public web servers. Otherwise, when you use self-signed certificates, you must add the corresponding public keys to the Trusted Root Certification Authorities certificate store of the client computers. This way the signatures can be properly verified on systems that access the M-Files server with gRPC. Make sure that you add the signing certificate under the Local Computer and Current User certificate stores. The client computer must be able to verify the entire certificate chain. If any of the signatures cannot be verified, the connection cannot be opened.

To set up a server certificate:

  1. Open M-Files Admin.
  2. Right-click a connection to M-Files server.
  3. Click Manage Server Certificate
    Result:The Server Certificate Management dialog is opened.
  4. Enable the option Use a TLS certificate.
  5. Under the Private Key section, click Change.
    Result:An Open dialog for selecting the private key is opened.
  6. Locate and double-click a valid private key (a KEY file) to put it to use.
    The key must be in the format specified by either the PKCS8 or the PKCS1 standard.
  7. Under the Certificate section, click Change.
    Result:An Open dialog for selecting the certificate file is opened.
  8. Locate and double-click a valid TLS certificate (a CRT file) to put it to use.
    The certificate must be in PEM (Privacy-Enhanced Mail) format.
  9. Make sure the certificate details are as expected and click OK.
The certificate is now in use for connections between the M-Files server and M-Files clients.