SSL problem in FSPMC 13.00

etomcat

Hello,

 

What does this mean and is there a solution?

 

(The same credentials used to work for Active Directory Import Structure in previous versions, up to F-Secure Policy Manager Console 12.40)

 

Thanks in advance, Yours Sincerely: Tamas Feher, Hungary.

 

******************************

 

A_Grinkevitch

Hello Tamas,

 

As of version 13.00, Policy Manager uses LDAPS (secure LDAP) by default to connect to the Domain Controller (DC) for Active Directory. On Windows, Policy Manager uses the Windows trust store to handle authentication to the DC seamlessly. You must import CA to the Windows Trusted Root Certification Authorities if PM host is outside of the domain network.

On Linux, you must import the company certificate in Policy Manager Server's Java runtime trust store to authenticate the DC.

Alternatively, you can use plain LDAP to connect to the DC.

 

Alexander

RmB

Hi,

 

Is FSPMC 13.00 already released?

etomcat

Hello,

 

I am using the 13.00 RC version, but I guess the RTM/Gold could be released as soon as this Friday, if the history of previous versions is any indication.

 

Best Regards: Tamas Feher, Hungary.

RmB

Thank you for this information!

Vad

Hello everybody,

 

PM and CS 13.00 were already released today, few hours ago.

 

Best regards,

Vad

Rob-K

yes but with wrong keycodes for CS13

A_Grinkevitch

Hello Rob-K,

CS13 requires new keycodes. Do you mean that provided keycode does not work for you?

Rob-K

Yes - when I access the license documents in the partner portal (for my self and my customers) the keycodes for version 13 do not work.

 

For the V13 Premium they start with ****-

for the V13 Standard they start with ****-

 

when pushing the installation via Policymanager 13 - both generate a keycode expired message

 

EDIT: Masked License code

Vad

Hello Rob-K,

 

The keycodes you mention are for 12.x clients. Please, try to clear the cache of your browser.

We had checked, that partner portal contains correct keys.

 

Best regards,

Vad

Rob-K

... they are on the PDF document! Not in Webpage

Vad

PDF should be fixed now. Please, check.

 

Best regards,

Vad

Rob-K

indeed - PDFs are fixed now

hussainbah

Thanks for your reply, i has same problem while the PM is already joint the domin and firewall is off on both servers (AD and PM)

 

please give direct instruction or direct me to the right document

A_Grinkevitch

Hello hussainbah,

Do you have the same error “Failed to verify SSL server certificate”?
Could you please check if CA certificate was imported to the Windows Trusted Root Certification Authorities?
If it is acceptable in your environment, you can still use LDAP without SSL.

Alexander

DaPolice

That the most lousy piece of support i have ever seen for an enterprise product. No step by step instructions and the error message in the application isnt even detailed enough to give the installer a proper overview of the issue. and the documentation for it is non exisitant or basically the same as what you have stated. I would get my money back if i were one of the users with this issue. Getting support over the phone is another hassle.

Joe31

Hi.... wich certificate? From der PM Server to the AD-Server or the otherway?? 

A_Grinkevitch

Hi Joe31,

If Windows host running Policy Manager Server is joined to the domain, you do not need to import anything, LDAP server certificate validation should work out of the box.

If PMS fails to verify LDAPS server certificate, you need to establish trust relationship manually by importing CA certificate (LDAP server certificate issuer) to the Windows Trusted Root Certification Authorities at PMS host.

For Linux it’s a bit more complex. Check the page in the Admin Guide for further details: https://help.f-secure.com/product.html#business/policy-manager/14.00/en/task_A2581FFE289649E6A64D0BE5182E86AF-14.00-en

 

Alexander

DX

Hi There,

 

getting similar error Policy manager & Console on AD server any sujjestions?

 

DX

A_Grinkevitch

Hi DX,

What is your PM version? What did you try from suggestions above?

 

Alexander

Joe31

The windows host is fully joined member of the AD Domain an it still does not accept the ssl certificat. Using LDAP instead of LDAPS works fine.  I can no finde a certificate with the name "LADP server certificate issuer" on the PDC nor on the PMS

 

If have about 40 CA certificates on the PDC but not one that I could relate to the LDAP issuer.

A_Grinkevitch

Which Policy Manager version are you using?

Joe31

The newest one, just installed it, and was hopeing the issue will resove itself...

 

Version 14 bulid 87145 64bit

A_Grinkevitch

PM 14.01 is coming in a week, it contains LDAPS improvements. Please post in this thread if your problem will be resolved.

 

Alexander