Hi Adrian, thank you for the idea. We have to support the full sortiment of operating systems available. And so I found the command CURL very usefull. It has a bunch of options, but there are no deviation on each architectures options. And it has choices for deep inspection of multiple protocols and is also available on MS Windows from stock. For pure connection inspection you can use i.e. "curl -vki https://flexbeacon". Second test might be the reachability of Certificate Authority (Port 80 !), potentially it is in another DMZ. And if there are network related showstoppers, you have to dive deeper. How already mentioned, because of security concerns are there some protocols barred from use. So ping and oldstyle traceroute might not work. But because you are only interested in TCP-traffic of HTTP protocol, you are lucky to use your "netstat -an" to analyse your stack of TCP-ports.  Filtering it with grep/findstr for status "SYN" or "FIN" will give you hints for broken network connections. Your network dude will appreciate your hints. Kind regards, Juergen ... View more

I don't own this software. But the message is "the server response was signed". So try to evaluate the server keystore for timed out certificates. They must have the capabilities for signing software and at least one of them must be replaced. Often there are "chain of trusts" with public parts for root certificates, intermediate certificates and derived personal and specialized application keystores. On windows you get an idea  by using "mmc.exe" with certificate-plugin for computer account. You can delete all certificates beyond end of lifetime, they'll never again give usable results. Anyways, It seems like flexera have a task for support with new certificates. with kind regards, Juergen ... View more