Last year, I submitted an idea to enable HTTPS and enable the site for Token Authentication (Entra/IdP) for AdvancedMES. This idea has expired for lack of enthusiasm.
Is it true that AMES users want credentials sent in the clear? Does Epicor feel that unencrypted BASIC security is good enough?
The other is a new idea that suggests that, since Self-Signed Certs are not really recommended by Epicor, Epicor create a paid service similar to CertifyTheWeb.com or Azure’s certificate service so it’s easier to issue, renew, and deploy certs for Epicor users. This would solve soooo many problems working with external services like EKW, Postman, Workato, Azure, etc.
LOL - I almost commented on Friday seeing as I was the 3rd person that was still at work on Friday at that time.
AMES - yes - totally agree, but don’t use it so I must have missed your idea posting.
Certs - I kind of disagree. I think Epicor needs to stay in its own lane and open the door for using other services like this. Everyone has a different degree of security they’d like to (afford to) implement and/or already has something in place and Epicor has not kept up. This is NOT my area of expertise, but I know there is some uniformity when allowing 3rd party identity providers into your app. Would it be that hard?
What I’m suggesting is similar to what they are doing with Workato, Ancora, BarTender, Sage Clarity, Cad*Link, Precise, BISCiT, ETQ, Avalara, Forecast Pro, etc.
Many cloud companies offer certificate services: AWS, Azure, most domain companies, etc. And since Epicor is working towards becoming a cloud company, why not? I read the threads here of people spending days and weeks with certificate problems, and I can only imagine what Support has to handle as well. Why not turn a problem into a profit?
As for cost, my development setup for three servers is less than $1 USD/month which should be well within the budget for anyone here. This includes the cert, a key-vault, AND automatic renewals with deployment.
And this just in from Microsoft, SQL Server Management Server 20.0 is going to require a cert at your SQL Server by default. I think you’ll be able to ignore it for a release or two but it’s coming…even for us on premises folks.
100% agree. Always use already established and proven security, or invest a substantial portion of business in producing and sustaining security and also start from something already established and proven.
It’s a classic software blunder, only slightly less well known than assuming things about date/time.
Advanced MES is the artist formerly known as Mattec. AMES has a web front end and a C++ client. The web front end is only HTTP and not HTTPS. That is the Epicor Idea that expired with not enough interest. Users log into the Web HMI, and that username and password are only BASE64 encoded and could be sniffed out easily.
EKW uses the Chrome engine to make connections and, along with Microsoft, Google is getting more and more strict with cert usage. That was the problem with EKW. A cert had to have particular usages enabled.
100% agree. What I’m asking is that Epicor take an interest in getting trusted certs into the hands of their customers, since that is their recommendation in the Install Guide. Of course, they already do for the Cloud Customers.
Perhaps a simple “Get Cert” button in the App Console that could generate the REQ, submit it, and instantly return a Cert from one of the trusted services (acting as a middleman). Maybe that’s as far as this goes.
I was thinking that you meant Epicor is to be the Cert Authority and must provide the 7x24 service (and support) for the whole thing.
Yes, this is what I’m talking about. Partner with someone to make this a whole lot easier. I would also add automatic renewal since Google has hinted that cert lifetimes may be shortened to around 90 days. We don’t want to have to manage this kind of work manually.