gRPC Connection fails (on premise server)

Hello guys,

i cant get gRPC to run and hope someone can give me a hint or so.

Our Server is configured well to RPC over HTTPS and connection from outside is possible. The same with M-Files Web Access over Https is configured.

What ive done: 

Like in  the manual i created a registry key "gRPCEndpoint" and gave it the value 7766.

I have created a TLS cert over Letz Encrypt. The private Key is in PKCS1 format and the certificate in PKCS12 format. Both in PEM format an base64 encoded.

i ve installed the cert in M-Files Admin and at the client pc. Also i installed it at Server PC as Current User and Local Mashine Certificate. 

Common Name of certificate ist the same in as full qualified DNS of the server.

In firewall i opened the port 7766 ingoing on server and outgoing on client pc.

As i said before, i hope anyone can give me a hint, or can say what i missed.

Thank you 
regards

Andre

  • One thing that had me on the hook the first time was that the certificate needs to have the full line of steps all the way back to the root authority. It turned out to be relatively simple - you can edit the .crt file in NotePad or NotePad++ if you like.
    You simply need to paste each step in the authority path into the file like this:

    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----

    I believe there were some sort of indication in the Server Certificate Management popup if the certificate does not meet specifications.

  • Thank you for the fast reply. I ve checked it and the Certificate has all 3 steps to root Authority in it in full line. I checked The private Key too and here its the same 

    -----BEGIN PRIVATE KEY-----

    <Code>

    -----END PRIVATE KEY-----

    That means the Certificate is working with M-Files right?

    Do you have any other ideas?

  • The best suggestion is to double check every little step in the configuration guide against your actual configuration. The devil is in the detail. Sometimes you see things differently if you go through them again after a day or two.

  • I ve figured it out. After reading the manual i think for the 25000th time :) i have checked the steps to the root CA. And there was the issue. The root was in the certificate as well, but M-Files dont need it. Now it works and im so happy about it.