Managing Server Certificates

Note: The information on this page is applicable to on-premises environments only.

Before you set up a server certificate, refer to Setting Up M-Files to Use gRPC in M-Files Support Portal to learn more about server certificates.

Important information

  • When you use the gRPC protocol for connections between the M-Files server and M-Files clients, a valid TLS certificate must be in use on the server for connection security and encryption. If the certificate cannot be found, it is outdated, or it will become outdated in a week or less, a warning icon () is shown in the M-Files Admin user interface.

  • Make sure that you have a TLS certificate and a private key for the certificate. For information about digital certificates, refer to information given by certificate authorities. For example, Verisign, IdenTrust, or DigiCert. You can also create your own certificate, for example, with OpenSSL.

  • The best practice is to use certificates by well-known public authorities, such as certificates that are commonly used in public web servers. Otherwise, when you use self-signed certificates, you must add the corresponding public keys to the Trusted Root Certification Authorities certificate store of the client computers. This way the signatures can be properly verified on systems that access the M-Files server with gRPC. Make sure that you add the signing certificate under the Local Computer and Current User certificate stores. The client computer must be able to verify the entire certificate chain. If any of the signatures cannot be verified, the connection cannot be opened.

  • For the connection to be operational, you must enable Enforce encrypted connection in Connection Properties. If you are using a self-signed certificate, disable Require server authentication. For more information, see Adding a New Connection to M-Files Server.

To set up a server certificate:

  1. Open M-Files Admin.
  2. Right-click a connection to M-Files server.
  3. Click Manage Server Certificate.
    Result:The Server Certificate Management dialog is opened.
  4. Enable the option Use a TLS certificate.
  5. Under the Private Key section, click Change.
    Result:An Open dialog for selecting the private key is opened.
  6. Locate and double-click a valid private key (a KEY file) to put it to use.
    EC and RSA certificates are supported. EC keys must be in the PKCS#8 format and RSA keys in the PKCS#1 format.
    For more information, refer to the server certificate section in Setting Up M-Files to Use gRPC.
  7. Under the Certificate section, click Change.
    Result:An Open dialog for selecting the certificate file is opened.
  8. Locate and double-click a valid TLS certificate (a CRT file) to put it to use.
    The certificate must be in PEM (Privacy-Enhanced Mail) format.
  9. Make sure the certificate details are as expected and click OK.
The certificate is now in use for connections between the M-Files server and M-Files clients.