Flex Certificate Validation


Summary

Starting in 2024.2, the Flex client performs certificate validation at login. This is a requirement on all workstations going forward from this version. This article details what to expect and what you need to do to be prepared for the coming change.

Reference

 

What is it?

 

The certificate validation feature enforces proper certificate hygiene. Much like when your web browser stops you from going to an insecure website, Flex will stop a client login if the certificate does not match the expected criteria.

 

What will I see?

 

A pop-up will appear when attempting to log in to Flex:


The above example shows what happens when attempting to log in with a hostname that does not match the common name value on your certificate (i.e. the fully qualified domain name does not match, or an IP address is used).




The following example shows what may happen if the certificate currently in place cannot be decoded or has expired.






In all of the above examples, the user is logged out after clicking OK. You will not be able to log in to Flex on an encrypted port with a misconfigured certificate and/or hostname.

 

How do I address this?

 

Please ensure you have your trusted certificates in place before upgrading to 2024.2+!!!

 

We will be bringing this up with all upgrades to 2024.2+; however, please do your own due diligence to make sure your system is configured properly. We do not have access to your DNS and cannot aid in your network configurations.

 

If you host any shared agencies, please configure a SAN certificate so these agencies can continue connecting to your server. Otherwise, notify the shared agencies that they need to enter your FQDN into the hosts file on their workstations and begin using that hostname to log in to Flex.

 

TO SUM UP:

  • Please take any agencies that may share your server into consideration when creating and installing your certificate
  • Please include these agencies in discussions about resolving the hostname/IP of your server using any Subject Alternative Names that may be applicable
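The following pre-upgrade check is an added example, not part of Flex or of the original article. It takes every name users type at login (FQDN, short name, IP address, shared-agency names) and reports which ones a certificate would cover, plus whether the certificate has expired. It assumes standard TLS name matching (Subject Alternative Names first, common name only when no SAN is present, wildcard on the leftmost label only); the hostnames, IP address and certificate shown are constructed sample values.

```python
import ipaddress
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "flex.example.org"),),),
    "subjectAltName": (("DNS", "flex.example.org"),
                       ("DNS", "flex-shared.example.net")),
    "notAfter": "Dec 31 23:59:59 2030 GMT",
}

def cert_names(cert):
    """Return (dns_names, ip_addresses); the CN is used only when no SAN exists."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not san:
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def host_matches(host, cert):
    """True if the name typed at login is covered by the certificate."""
    dns, ips = cert_names(cert)
    host = host.lower().rstrip(".")
    try:
        return ipaddress.ip_address(host) in ips
    except ValueError:
        pass  # not an IP literal, compare as a DNS name
    parent = host.split(".", 1)[1] if "." in host else None
    return any(p == host or (p.startswith("*.") and p[2:] == parent)
               for p in dns)

def audit(login_names, cert, now=None):
    """Map each login name to a list of problems (empty list = passes)."""
    now = time.time() if now is None else now
    expired = now > ssl.cert_time_to_seconds(cert["notAfter"])
    report = {}
    for name in login_names:
        problems = [] if host_matches(name, cert) else ["hostname mismatch"]
        if expired:
            problems.append("certificate expired")
        report[name] = problems
    return report

if __name__ == "__main__":
    names = ["flex.example.org", "flex", "192.0.2.10", "flex-shared.example.net"]
    for name, problems in audit(names, SAMPLE_CERT).items():
        print(f"{name:28} {'OK' if not problems else ', '.join(problems)}")
```

Any name reported as a mismatch either needs to be added as a Subject Alternative Name or replaced at login by a name the certificate already carries.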

 

Certificate flow chart:

This may be helpful in finding out where you currently stand with your certificate and what step(s) you may need to take next. Again, please share this with any agencies that may also be connecting to your server so they can verify this as well.

 

For Unencrypted Logins?

 

Note that if you decide to log in to Flex using port 4080 (unencrypted), you will be shown the following warning on the login screen: