Managing Server Certificates

Before you set up a server certificate, refer to Setting Up M-Files to Use gRPC in M-Files Support Portal to learn more about server certificates.

When you use the gRPC protocol for connections between the M-Files server and M-Files clients, a valid TLS certificate must be in use on the server for connection security and encryption. If the certificate cannot be found, it is outdated, or it will become outdated in a week or less, a warning icon () is shown in the M-Files Admin user interface.

Before you start, make sure that you have a TLS certificate and a private key for the certificate. For information about digital certificates, refer to information given by certificate authorities. For example, Verisign, IdenTrust, or DigiCert. You can also create your own certificate, for example, with OpenSSL.

The best practice is to use certificates by well-known public authorities, such as certificates that are commonly used in public web servers. Otherwise, when you use self-signed certificates, you must add the corresponding public keys to the Trusted Root Certification Authorities certificate store of the client computers. This way the signatures can be properly verified on systems that access the M-Files server with gRPC. Make sure that you add the signing certificate under the Local Computer and Current User certificate stores. The client computer must be able to verify the entire certificate chain. If any of the signatures cannot be verified, the connection cannot be opened.

To set up a server certificate:

  1. Open M-Files Admin.
  2. Right-click a connection to M-Files server.
  3. Click Manage Server Certificate.
    Result:The Server Certificate Management dialog is opened.
  4. Enable the option Use a TLS certificate.
  5. Under the Private Key section, click Change.
    Result:An Open dialog for selecting the private key is opened.
  6. Locate and double-click a valid private key (a KEY file) to put it to use.
    EC and RSA certificates are supported. EC keys must be in the PKCS#8 format and RSA keys in the PKCS#1 format.
    For more information, refer to the server certificate section in Setting Up M-Files to Use gRPC.
  7. Under the Certificate section, click Change.
    Result:An Open dialog for selecting the certificate file is opened.
  8. Locate and double-click a valid TLS certificate (a CRT file) to put it to use.
    The certificate must be in PEM (Privacy-Enhanced Mail) format.
  9. Make sure the certificate details are as expected and click OK.
The certificate is now in use for connections between the M-Files server and M-Files clients.