To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

SSL problem in FSPMC 13.00

etomcat
etomcat W/ Alumni Posts: 1,172 Firewall Master

Hello,

 

What does this mean and is there a solution?

 

(The same credentials used to work for Active Directory Import Structure in previous versions, up to F-Secure Policy Manager Console 12.40)

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

 

******************************

 

ad_ssl_cert_error.png

Comments

  • RmB
    RmB W/ Alumni Posts: 23 Junior Protector

    Hi,

     

    Is FSPMC 13.00 already released?

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    I am using the 13.00 RC version, but I guess the RTM/Gold could be released as soon as this Friday, if the history of previous versions is any indication.

     

    Best Regards: Tamas Feher, Hungary.

  • RmB
    RmB W/ Alumni Posts: 23 Junior Protector

    Thank you for this information!

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello everybody,

     

    PM and CS 13.00 were already released today, few hours ago.

     

    Best regards,

    Vad

  • Rob-K
    Rob-K W/ Alumni Posts: 33 Junior Protector

    yes but with wrong keycodes for CS13

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    Hello Rob-K,

    CS13 requires new keycodes. Do you mean that provided keycode does not work for you?

  • Rob-K
    Rob-K W/ Alumni Posts: 33 Junior Protector

    Yes - when I access the license documents in the partner portal (for my self and my customers) the keycodes for version 13 do not work.

     

    For the V13 Premium they start with ****-

    for the V13 Standard they start with ****-

     

    when pushing the installation via Policymanager 13 - both generate a keycode expired message

     

    EDIT: Masked License code

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello Rob-K,

     

    The keycodes you mention are for 12.x clients. Please, try to clear the cache of your browser.

    We had checked, that partner portal contains correct keys.

     

    Best regards,

    Vad

  • Rob-K
    Rob-K W/ Alumni Posts: 33 Junior Protector

    ... they are on the PDF document! Not in Webpage

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    PDF should be fixed now. Please, check.

     

    Best regards,

    Vad

  • Rob-K
    Rob-K W/ Alumni Posts: 33 Junior Protector

    indeed - PDFs are fixed now

  • hussainbah
    hussainbah W/ Alumni Posts: 12 Security Scout

    Thanks for your reply, i has same problem while the PM is already joint the domin and firewall is off on both servers (AD and PM)

     

    please give direct instruction or direct me to the right document

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    Hello hussainbah,

    Do you have the same error “Failed to verify SSL server certificate”?
    Could you please check if CA certificate was imported to the Windows Trusted Root Certification Authorities?
    If it is acceptable in your environment, you can still use LDAP without SSL.

    Alexander

  • DaPolice
    DaPolice W/ Alumni Posts: 1 Security Scout

    That the most lousy piece of support i have ever seen for an enterprise product. No step by step instructions and the error message in the application isnt even detailed enough to give the installer a proper overview of the issue. and the documentation for it is non exisitant or basically the same as what you have stated. I would get my money back if i were one of the users with this issue. Getting support over the phone is another hassle.

  • Joe31
    Joe31 W/ Alumni Posts: 3 Security Scout

    Hi.... wich certificate? From der PM Server to the AD-Server or the otherway?? 

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    Hi Joe31,

    If Windows host running Policy Manager Server is joined to the domain, you do not need to import anything, LDAP server certificate validation should work out of the box.

    If PMS fails to verify LDAPS server certificate, you need to establish trust relationship manually by importing CA certificate (LDAP server certificate issuer) to the Windows Trusted Root Certification Authorities at PMS host.

    For Linux it’s a bit more complex. Check the page in the Admin Guide for further details: https://help.f-secure.com/product.html#business/policy-manager/14.00/en/task_A2581FFE289649E6A64D0BE5182E86AF-14.00-en

     

    Alexander

  • DX
    DX W/ Alumni Posts: 1 Security Scout

    Hi There,

     

    getting similar error Policy manager & Console on AD server any sujjestions?

     

    DX

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    Hi DX,

    What is your PM version? What did you try from suggestions above?

     

    Alexander

  • Joe31
    Joe31 W/ Alumni Posts: 3 Security Scout

    The windows host is fully joined member of the AD Domain an it still does not accept the ssl certificat. Using LDAP instead of LDAPS works fine.  I can no finde a certificate with the name "LADP server certificate issuer" on the PDC nor on the PMS

     

    If have about 40 CA certificates on the PDC but not one that I could relate to the LDAP issuer.

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    Which Policy Manager version are you using?

  • Joe31
    Joe31 W/ Alumni Posts: 3 Security Scout

    The newest one, just installed it, and was hopeing the issue will resove itself...

     

    Version 14 bulid 87145 64bit

  • A_Grinkevitch
    A_Grinkevitch W/ Partner, W/ Staff, W/ Product Leadership Posts: 169 Threat Terminator

    PM 14.01 is coming in a week, it contains LDAPS improvements. Please post in this thread if your problem will be resolved.

     

    Alexander

This discussion has been closed.