Managing Server Certificates
Before you set up a server certificate, refer to Setting Up M-Files to Use gRPC in M-Files Support Portal to learn more about server certificates.
Important information
When you use the gRPC protocol for connections between the M-Files server and M-Files clients, a valid TLS certificate must be in use on the server for connection security and encryption. If the certificate cannot be found, it is outdated, or it will become outdated in a week or less, a warning icon () is shown in the M-Files Admin user interface.
Make sure that you have a TLS certificate and a private key for the certificate. For information about digital certificates, refer to information given by certificate authorities. For example, Verisign, IdenTrust, or DigiCert. You can also create your own certificate, for example, with OpenSSL.
The best practice is to use certificates by well-known public authorities, such as certificates that are commonly used in public web servers. Otherwise, when you use self-signed certificates, you must add the corresponding public keys to the Trusted Root Certification Authorities certificate store of the client computers. This way the signatures can be properly verified on systems that access the M-Files server with gRPC. Make sure that you add the signing certificate under the Local Computer and Current User certificate stores. The client computer must be able to verify the entire certificate chain. If any of the signatures cannot be verified, the connection cannot be opened.
- For the connection to be operational, you must enable Enforce encrypted connection in Connection Properties. If you are using a self-signed certificate, disable Require server authentication. For more information, see Adding a New Connection to M-Files Server.
To set up a server certificate: