Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

SSL problem in FSPMC 13.00

etomcatetomcat Posts: 1,318 Superuser

Hello,

 

What does this mean and is there a solution?

 

(The same credentials used to work for Active Directory Import Structure in previous versions, up to F-Secure Policy Manager Console 12.40)

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

 

******************************

 

ad_ssl_cert_error.png

Best Answer

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee
    Accepted Answer

    Hello Tamas,

     

    As of version 13.00, Policy Manager uses LDAPS (secure LDAP) by default to connect to the Domain Controller (DC) for Active Directory. On Windows, Policy Manager uses the Windows trust store to handle authentication to the DC seamlessly. You must import CA to the Windows Trusted Root Certification Authorities if PM host is outside of the domain network.

    On Linux, you must import the company certificate in Policy Manager Server's Java runtime trust store to authenticate the DC.

    Alternatively, you can use plain LDAP to connect to the DC.

     

    Alexander

    etomcatLaksh

Comments

  • RmBRmB Posts: 31

    Hi,

     

    Is FSPMC 13.00 already released?

    Ben
  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    I am using the 13.00 RC version, but I guess the RTM/Gold could be released as soon as this Friday, if the history of previous versions is any indication.

     

    Best Regards: Tamas Feher, Hungary.

    RmB
  • RmBRmB Posts: 31

    Thank you for this information!

  • VadVad Posts: 1,050 F-Secure Employee

    Hello everybody,

     

    PM and CS 13.00 were already released today, few hours ago.

     

    Best regards,

    Vad

    etomcatA-Grinkevitch
  • Rob-KRob-K Posts: 33

    yes but with wrong keycodes for CS13

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hello Rob-K,

    CS13 requires new keycodes. Do you mean that provided keycode does not work for you?

  • Rob-KRob-K Posts: 33

    Yes - when I access the license documents in the partner portal (for my self and my customers) the keycodes for version 13 do not work.

     

    For the V13 Premium they start with ****-

    for the V13 Standard they start with ****-

     

    when pushing the installation via Policymanager 13 - both generate a keycode expired message

     

    EDIT: Masked License code

  • VadVad Posts: 1,050 F-Secure Employee

    Hello Rob-K,

     

    The keycodes you mention are for 12.x clients. Please, try to clear the cache of your browser.

    We had checked, that partner portal contains correct keys.

     

    Best regards,

    Vad

  • Rob-KRob-K Posts: 33

    ... they are on the PDF document! Not in Webpage

  • VadVad Posts: 1,050 F-Secure Employee

    PDF should be fixed now. Please, check.

     

    Best regards,

    Vad

    etomcatLaksh
  • Rob-KRob-K Posts: 33

    indeed - PDFs are fixed now

  • Thanks for your reply, i has same problem while the PM is already joint the domin and firewall is off on both servers (AD and PM)

     

    please give direct instruction or direct me to the right document

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hello hussainbah,

    Do you have the same error “Failed to verify SSL server certificate”?
    Could you please check if CA certificate was imported to the Windows Trusted Root Certification Authorities?
    If it is acceptable in your environment, you can still use LDAP without SSL.

    Alexander

  • DaPoliceDaPolice Posts: 1

    That the most lousy piece of support i have ever seen for an enterprise product. No step by step instructions and the error message in the application isnt even detailed enough to give the installer a proper overview of the issue. and the documentation for it is non exisitant or basically the same as what you have stated. I would get my money back if i were one of the users with this issue. Getting support over the phone is another hassle.

    Joe31
  • Joe31Joe31 Posts: 3

    Hi.... wich certificate? From der PM Server to the AD-Server or the otherway?? 

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hi Joe31,

    If Windows host running Policy Manager Server is joined to the domain, you do not need to import anything, LDAP server certificate validation should work out of the box.

    If PMS fails to verify LDAPS server certificate, you need to establish trust relationship manually by importing CA certificate (LDAP server certificate issuer) to the Windows Trusted Root Certification Authorities at PMS host.

    For Linux it’s a bit more complex. Check the page in the Admin Guide for further details: https://help.f-secure.com/product.html#business/policy-manager/14.00/en/task_A2581FFE289649E6A64D0BE5182E86AF-14.00-en

     

    Alexander

  • DXDX Posts: 1

    Hi There,

     

    getting similar error Policy manager & Console on AD server any sujjestions?

     

    DX

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Hi DX,

    What is your PM version? What did you try from suggestions above?

     

    Alexander

  • Joe31Joe31 Posts: 3

    The windows host is fully joined member of the AD Domain an it still does not accept the ssl certificat. Using LDAP instead of LDAPS works fine.  I can no finde a certificate with the name "LADP server certificate issuer" on the PDC nor on the PMS

     

    If have about 40 CA certificates on the PDC but not one that I could relate to the LDAP issuer.

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    Which Policy Manager version are you using?

  • Joe31Joe31 Posts: 3

    The newest one, just installed it, and was hopeing the issue will resove itself...

     

    Version 14 bulid 87145 64bit

  • A-GrinkevitchA-Grinkevitch Posts: 162 F-Secure Employee

    PM 14.01 is coming in a week, it contains LDAPS improvements. Please post in this thread if your problem will be resolved.

     

    Alexander

This discussion has been closed.