WebDirect doesn´t work with SSL-certificate

My ssl-certificate seems to be breaking the WebDirect functionality. When i use the standard certificate i get the red info-box saying that i should´t use this cert, but the Apps work. However as soon as i put in my own certificate the WebDirect page shows no apps and when i try to connect to an app directly it says "error - database not available", but still says the certificate is valid in my browser and also in the admin console. (This does not affect FMA or FMGO clients) This error happens since i changed my old certificate for a new valid one. (Note: my certificate is selfmade with Let´s encrypt and OpenSSL - however this worked fine until yesterday when the last certificate went unvalid) I already tried several clean and dirty reinstalls/repairs of FMS. I tried different Java-setups including OpenJDK, OracleJDK and Amazon Coretto. Has anybody ever had a similar problem and fixed it? Or any ideas what i could try? I appreciate any comments

1 Like

Are you using a multi-machine server setup?

No, it´s a one machine setup.

Let's Encrypt certs are not supported or officially tested so they've always been a bit iffy in that respect. Can you elaborate a bit on the process of how you remove the old cert and install the new one?

More often than not the issues with cert are because of basic incompatibility (rare) or because no intermediate cert is imported together with the rest of it.

Hi Wim thanks for your reply,
i removed the old cert some tries with "fmsadmin certificate delete ..." and some with the manual version inside the admin console gui. Also did the import the same way ("fmsadmin certificate import ..." and gui). Didn´t work either way (i mean it works for the FMGO clients, just not webdirect).
And i know that Let´s encrypt is not officially supported, but it worked flawless, until i needed to update the cert. I start to think it has something to do with the Server itself. Maybe not forwarding the requests correctly. But i´m not sure how to check that.

After over a week of trying almost everything, i came to the conclusion that it can´t have anything to do with FMS. So i started fiddling around with the SSL settings on my IIS and later found out that my old certificate must have hung around in the server config (i don´t know exactly how that works) but after i installed the certificate again inside fms, i did a full restart of my server-machine and voila - IT WORKS AGAIN. I feel like the dumbest man alive. Why didn´t i think of a machine-restart? Anyway thanks for your input, and have a nice day.

1 Like