Options
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 9 subscribers
  • Views 1263 views
  • Users 0 members are here
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

gRPC Connection fails (on premise server)

e-dox-AJ

Hello guys,

i cant get gRPC to run and hope someone can give me a hint or so.

Our Server is configured well to RPC over HTTPS and connection from outside is possible. The same with M-Files Web Access over Https is configured.

What ive done: 

Like in  the manual i created a registry key "gRPCEndpoint" and gave it the value 7766.

I have created a TLS cert over Letz Encrypt. The private Key is in PKCS1 format and the certificate in PKCS12 format. Both in PEM format an base64 encoded.

i ve installed the cert in M-Files Admin and at the client pc. Also i installed it at Server PC as Current User and Local Mashine Certificate. 

Common Name of certificate ist the same in as full qualified DNS of the server.

In firewall i opened the port 7766 ingoing on server and outgoing on client pc.

As i said before, i hope anyone can give me a hint, or can say what i missed.

Thank you 
regards

Andre

Parents
  • +1

    One thing that had me on the hook the first time was that the certificate needs to have the full line of steps all the way back to the root authority. It turned out to be relatively simple - you can edit the .crt file in NotePad or NotePad++ if you like.
    You simply need to paste each step in the authority path into the file like this:

    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----

    I believe there were some sort of indication in the Server Certificate Management popup if the certificate does not meet specifications.

Reply
  • +1

    One thing that had me on the hook the first time was that the certificate needs to have the full line of steps all the way back to the root authority. It turned out to be relatively simple - you can edit the .crt file in NotePad or NotePad++ if you like.
    You simply need to paste each step in the authority path into the file like this:

    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <certificate code>
    -----END CERTIFICATE-----

    I believe there were some sort of indication in the Server Certificate Management popup if the certificate does not meet specifications.

Children
  • 0 in reply to bright-ideas.dk

    Thank you for the fast reply. I ve checked it and the Certificate has all 3 steps to root Authority in it in full line. I checked The private Key too and here its the same 

    -----BEGIN PRIVATE KEY-----

    <Code>

    -----END PRIVATE KEY-----

    That means the Certificate is working with M-Files right?

    Do you have any other ideas?

  • 0 in reply to e-dox-AJ

    The best suggestion is to double check every little step in the configuration guide against your actual configuration. The devil is in the detail. Sometimes you see things differently if you go through them again after a day or two.

  • 0 in reply to bright-ideas.dk

    I ve figured it out. After reading the manual i think for the 25000th time :) i have checked the steps to the root CA. And there was the issue. The root was in the certificate as well, but M-Files dont need it. Now it works and im so happy about it.

  • 0 in reply to e-dox-AJ

    Hi there, 

    As we struggling with server certificate as it seems, I would like to understand this better. You have mentioned above that you have installed certificate on client as well. I can not recall we have done anything like that on DEV environment but it worked well. Why would you install server certificate on client?

    I see your problem was actually the point 3 where you have add root certificate as well into your server certificate. We have to check that as well. 

    I have checked briefly that server certificate on client and could verify that root CA, intermediate CA and basically whole chain in certificate is provided. Not quite sure if certificates are provided though in those local machine certificate store on client.

    I will go step by step through those steps, it must be something we miss.

    Dejan

  • 0 in reply to dejan

    I did not install the certificate ON the client but FROM admin on a client.

  • 0 in reply to dejan

    Hi,

    The CA certficate must be in the trusted certification authorities on the M-files Server and on the client’s, the server certificates must be in the intermedia certification authories / certification on the M-Files Server an on the client’s. In each case in the computer account. Thats work for us.

    Arno





              

© M-Files Corporation 2024 | Privacy Policy