IIS Certificate Issue - Can't call REST via Screen

Hey all, I’m having an issue with a certificate and I was wondering if anyone has come across this type of setup. The server is set up with a purchased certificate which allows external access to Epicor 10.2.700 and it is working perfectly. However, when I attempt to call a function via a screen mod, I get a certificate error.

Also, when I access the API help through a browser, I get an error that the certificate is not trusted. When viewing the certificate, it is the one for external access.

The external address is different than the internal one. I’m not a network admin, so I’m not sure how to get this to work. Normally I would create a certificate that matches what is in the app console. It also seems that someone tried to create an additional certificate with the internal address and that is in the personal and trusted sites store but that isn’t working.

So I guess my question is, how do most get this all to work while allowing external access? Does the network admin need to update the existing certificate to allow internal access? Any help would be appreciated. Epicor support has declined to help in this matter.

Call the external address.

Yeah, that is an option, but I would prefer to use the standard Epicor objects. Can you change the url that they point to?

I mean for everything.

You’re going to run into nothing but trouble trying to call one url internally, and another externally.

I’m not sure I understand your point. Maybe I wasn’t clear. I’m not the one who set up the certificate or installed Epicor. I also can’t make any changes that would affect the access externally. Basically I’m trying to find a solution to take back to the network admin so he/she can fix it.


You would need a certificate for each URI attached to the appropriate instance.
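The name mismatch discussed in this thread, as an added example that is not part of any post: a client accepts a certificate only if the host in the URL it calls matches one of the certificate's subject alternative names, so a certificate issued for the external name fails for the internal one. The hostnames, URL paths and SAN list below are constructed for illustration, and the matching follows the usual RFC 6125 wildcard rules.

```python
"""Check which URLs a certificate's SAN dNSName entries cover."""
from urllib.parse import urlsplit


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN entry against a hostname; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard, then compare the rest exactly.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_urls(san_dns_names, urls):
    """Return {url: [matching SAN entries]}; an empty list means a name-mismatch error."""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        result[url] = [n for n in san_dns_names if name_matches(n, host)]
    return result


# Constructed sample: SAN list of a purchased certificate issued for the external name only.
SAN_EXTERNAL_ONLY = ["erp.example.com", "www.erp.example.com"]
# Constructed URLs: the external address and an internal server name a client might be configured with.
URLS = [
    "https://erp.example.com/app/api/",
    "https://appsrv01.corp.example/app/api/",
]

if __name__ == "__main__":
    for url, hits in check_urls(SAN_EXTERNAL_ONLY, URLS).items():
        status = "OK, covered by " + ", ".join(hits) if hits else "NAME MISMATCH"
        print(f"{url}: {status}")
```

Run against the SAN list of the certificate actually bound in IIS, an empty result for the internal URL is what the network admin needs to see: either clients call a name the certificate covers, or that name gets a certificate of its own.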

Just found out another consulting company did this, so I’ll just push it to them. Thanks for your help, Clint and Kevin.


In the very near future, we should be able to get .internal domains for, well, internal networks. In this situation, you would end up with two certs, one for your .com (or whatever your TLD is) and one for .internal. Today, you can map an internal IP address in DNS but that leaks too much information. I imagine with the .internal domain, you would block external DNS requests for the .internal zone.
