Enterprise search setup

So I’m trying to configure Enterprise search for 10.2.700.36 and I’m not being successful due to the new SSL requirements, and extremely limited instructions regarding how to set that up.

Our previous version of 10.2.400 would work fine without the SSL issue but with the new .700 release nothing is working correctly.

I am using a self signed certificate which I know is not recommended by Epicor but there is nothing that says that wont work at all. I’ve added the certificate for the server to the Trusted Root Certificate Authorities group but that doesn’t seem to help. This is all I get when attempting to search. I get the same results even when searching right on the server itself.

Any suggestions are greatly appreciated.

@FTI-SeniorAdmin I suspect you are hitting the same issue I did if you converted up from 10.2.400. Epicor added an API key and the SSL message is a red herring.

1 Like

I wish that was the case… I completely deleted the Search Index and re-deployed it after the new version was made live. I will try to remove it and re-create it though since I don’t know what cert I had selected when I created it.

The search is also not working through the Modern shell, or classic… I only get that SSL error.

I’m going to look into this KB though… it’s the error I’m getting.


I also can’t understand the requirement to “purchase” a Certificate for a private non public domain. Our domain is not web facing so the necessity of that is just ridiculous if you ask me. I shouldn’t have to pay someone to create a certificate to authenticate the identity of our server.

I started a call with Epicor to see if they can give me some suggestions. I don’t know how critical all of the Binding settings are. They explain them in the installation manual but they don’t indicate what they need to be for specific things to work. Right now the only one I have setup is the Net.Tcp Endpoint Binding as UsernameWindowsChannel. The HTTP and HTTPS ones are set at None for the App server Configuration as well as the Search Index configuration.

I used AD Certificate Services standalone to make my certificates and they all were fine. I used net.tcp in 10 and https in 11 as it worked better for my remote offices and net.tcp is going away. As long as you matched the settings in the ES wizard it should work.

We are using a self signed certificate and Enterprise Search works in 10.2.700. I recall there was difficulty to get it working, that I just barely understood at the time and even less so now. Here some notes I took at the time:
-Followed instruction in EAC Help, not instructions in Upgrade Guide.
-I deleted one extra certificate and I copied the one remaining certificate that allows E10 to work from the Personal group to the Trusted Root CA in Control Panel > Manage Certificates. Rebooted and that allowed the new deployment of Enterprise Search to work.

We’re on-prem and we’re also using a self-signed certificate. I installed it on the app server and then created a group policy so it gets copied automatically to the clients as well. Can’t remember exactly how but I know I used a couple of links from Epicor support to do that. If you contacted them already you’re on the right track.

So I worked with Support this AM and we couldn’t determine what was causing the issue. Prior to me getting on the call with him I tested it on my machine and I was still getting the SSL error. We messed around and created a test index only looking at the customer table. After that the new error was a 401 authorization failure when trying to search. We then inspected the Bindings setting of IIS and I had entered in a host name on the 443 entry due to a setup suggestion I read, that was done during trouble shooting for the original SSL error, we removed the Hostname on that entry saved it and then we were able to access Enterprise search website. The tech was as baffled as I was since the original SSL error went away without changing anything SSL related and then the new 401 error that came up on the new index was solved by removing that host name entry.

Not really sure what went wrong and when but we have it sorted out now. I will most likely have to setup a GP to import the self signed cert on all the client machines though, I’m not surprised by that requirement. Thanks for the input from others!

1 Like