Avalara Tax Connect Issue

We lost Avalara Tax Connect connection seemingly at random. One day later, Aug 9, Avalara announced they had updated the SSL Cert.

The error we receive after updating all certificates in our …java/lib/security/cacerts directory is:

java.net.SocketException: Default SSL context init failed: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size.

We have seen the two previous Topics here, neither has helped. We have tried in both 2003 and 2008 with native SSL2.0 and TLS1.2 active. Neither Avalara nor Epicor have found a solution yet.

Other info: Java 1.7, Epicor 8.0.3, Windows 2008 SP2.

Avalara has confirmed that account is good, certs are valid, and NO connection attempts have been attempted since Aug 8. (Despite 100s of attempts during troubleshooting).

Anyone go through this issue before? Next steps? We have assumed it is a certificate install issue or an SSL/TLS issue but no troubleshooting has proved that out yet.

I’m guessing they changed to a new cipher that your server doesn’t support. What are you running this on? Server 2003? 2008?

Never mind, I see now. If I remember correctly, Java has a preset number of ciphers it supports, and I assume the new cipher isn’t supported in your version of Java.

Yup, looks like Java 1.d doesn’t support keys longer than 2048, hmm.

Try this solution of adding additional ciphers to your jre

Thanks so much. We tried this, no change. Later realized that the actual jre running in EPICOR\ was 1.4. Run C:\Epicor\oe101b\jre\bin\java -version first! Trying 1.4.2 version next.

Let me know how it goes

Here’s what we tried:

  • Install Unlimited Strength Crypto
  • Upgrade Java to 1.7 (from 1.4)
  • Upgrade from Windows Server 2003 to 2008 R2
  • Enlisted 5 very experienced consultants but it was a younger Java programmer who knew the solution.

Here’s what worked:

  • Reverse Proxy Server (nginx) on a local server running Server 2019. It allows unencrypted traffic from Epicor to nginx, and encrypted traffic from the server to Avalara.

Thanks for help and best of luck to others (hopefully no one still running this old software).
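
A sketch of the kind of nginx configuration the post above describes (plaintext from the legacy client to nginx, TLS from nginx to the upstream), as an added example and not the poster's actual configuration. The upstream hostname, IP addresses, port and file path are placeholders, since the thread gives none of them.

```nginx
# Added example: hostnames, port, addresses and file paths are placeholders.
events {}

http {
    server {
        # Plaintext listener for the legacy client. Bind to one internal
        # address only, since this leg carries tax data unencrypted.
        listen 10.0.0.5:8080;            # placeholder internal address

        # Only the Epicor application server may use the proxy.
        allow 10.0.0.10;                 # placeholder Epicor server address
        deny  all;

        location / {
            # nginx terminates the legacy connection and opens its own
            # TLS session to the upstream service.
            proxy_pass https://tax-service.example.invalid;   # placeholder upstream

            # Send SNI and the Host header the upstream expects.
            proxy_ssl_server_name on;
            proxy_ssl_name        tax-service.example.invalid;
            proxy_set_header Host tax-service.example.invalid;

            # Restrict the outbound leg to modern TLS.
            proxy_ssl_protocols TLSv1.2 TLSv1.3;

            # Validate the upstream certificate; nginx does not do this by default.
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        3;
            proxy_ssl_trusted_certificate C:/nginx/conf/ca-bundle.pem;  # placeholder path
        }
    }
}
```

With a setup like this the legacy client is pointed at the nginx address instead of the vendor URL, so the old JRE never has to parse the new certificate; the trade-off is that the internal leg is cleartext and should stay on a trusted network segment.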


Would you be able to share the nginx config that you were able to get to work?

I was able to do some successful testing using ghostunnel as a forward proxy. What did you end up doing, and can you share your config?