Announcement: New Knowledge Base

4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.

SSL problem in FSPMC 13.00



What does this mean and is there a solution?


(The same credentials used to work for Active Directory Import Structure in previous versions, up to F-Secure Policy Manager Console 12.40)


Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.





Best Answer

  • A-GrinkevitchA-Grinkevitch Posts: 161
    Accepted Answer

    Hello Tamas,


    As of version 13.00, Policy Manager uses LDAPS (secure LDAP) by default to connect to the Domain Controller (DC) for Active Directory. On Windows, Policy Manager uses the Windows trust store to handle authentication to the DC seamlessly. You must import CA to the Windows Trusted Root Certification Authorities if PM host is outside of the domain network.

    On Linux, you must import the company certificate in Policy Manager Server's Java runtime trust store to authenticate the DC.

    Alternatively, you can use plain LDAP to connect to the DC.




  • RmBRmB Posts: 31



    Is FSPMC 13.00 already released?

  • etomcatetomcat Posts: 1,312



    I am using the 13.00 RC version, but I guess the RTM/Gold could be released as soon as this Friday, if the history of previous versions is any indication.


    Best Regards: Tamas Feher, Hungary.

  • RmBRmB Posts: 31

    Thank you for this information!

  • VadVad Posts: 1,048

    Hello everybody,


    PM and CS 13.00 were already released today, few hours ago.


    Best regards,


  • Rob-KRob-K Posts: 33

    yes but with wrong keycodes for CS13

  • Hello Rob-K,

    CS13 requires new keycodes. Do you mean that provided keycode does not work for you?

  • Rob-KRob-K Posts: 33

    Yes - when I access the license documents in the partner portal (for my self and my customers) the keycodes for version 13 do not work.


    For the V13 Premium they start with ****-

    for the V13 Standard they start with ****-


    when pushing the installation via Policymanager 13 - both generate a keycode expired message


    EDIT: Masked License code

  • VadVad Posts: 1,048

    Hello Rob-K,


    The keycodes you mention are for 12.x clients. Please, try to clear the cache of your browser.

    We had checked, that partner portal contains correct keys.


    Best regards,


  • Rob-KRob-K Posts: 33

    ... they are on the PDF document! Not in Webpage

  • VadVad Posts: 1,048

    PDF should be fixed now. Please, check.


    Best regards,


  • Rob-KRob-K Posts: 33

    indeed - PDFs are fixed now

  • Thanks for your reply, i has same problem while the PM is already joint the domin and firewall is off on both servers (AD and PM)


    please give direct instruction or direct me to the right document

  • Hello hussainbah,

    Do you have the same error “Failed to verify SSL server certificate”?
    Could you please check if CA certificate was imported to the Windows Trusted Root Certification Authorities?
    If it is acceptable in your environment, you can still use LDAP without SSL.


  • DaPoliceDaPolice Posts: 1

    That the most lousy piece of support i have ever seen for an enterprise product. No step by step instructions and the error message in the application isnt even detailed enough to give the installer a proper overview of the issue. and the documentation for it is non exisitant or basically the same as what you have stated. I would get my money back if i were one of the users with this issue. Getting support over the phone is another hassle.

  • Joe31Joe31 Posts: 3

    Hi.... wich certificate? From der PM Server to the AD-Server or the otherway?? 

  • Hi Joe31,

    If Windows host running Policy Manager Server is joined to the domain, you do not need to import anything, LDAP server certificate validation should work out of the box.

    If PMS fails to verify LDAPS server certificate, you need to establish trust relationship manually by importing CA certificate (LDAP server certificate issuer) to the Windows Trusted Root Certification Authorities at PMS host.

    For Linux it’s a bit more complex. Check the page in the Admin Guide for further details:



  • DXDX Posts: 1

    Hi There,


    getting similar error Policy manager & Console on AD server any sujjestions?



  • Hi DX,

    What is your PM version? What did you try from suggestions above?



  • Joe31Joe31 Posts: 3

    The windows host is fully joined member of the AD Domain an it still does not accept the ssl certificat. Using LDAP instead of LDAPS works fine.  I can no finde a certificate with the name "LADP server certificate issuer" on the PDC nor on the PMS


    If have about 40 CA certificates on the PDC but not one that I could relate to the LDAP issuer.

  • Which Policy Manager version are you using?

  • Joe31Joe31 Posts: 3

    The newest one, just installed it, and was hopeing the issue will resove itself...


    Version 14 bulid 87145 64bit

  • PM 14.01 is coming in a week, it contains LDAPS improvements. Please post in this thread if your problem will be resolved.



This discussion has been closed.