SSL Certificate Issue

Hi,
We have set up a test server on 2021.1.100.15 and when we assign a non SSL certificate we get the error “Could not establish trust relationship for the SSL/TLS secure channel with authority”. My application server won’t connect and keeps coming up with that error, not sure what I’ve done wrong.

I have seen that in 2021.2.6 where Epicor’s generate cert isn’t playing nice. I ended up making a new cert outside of Epicor and fixing it via IIS.

I’d be glad to see what @Olga suggests we look into.

I also didn’t spend too much time on it, just needed to get by for dev.

I’ll second @hkeric.wci’s experience. Last week we were getting the same error on 2021.2 on one of two app servers. Using a cert from a trusted authority fixed the issue. We wanted the real cert anyway for OData in Excel, so we didn’t spend any time on it.

We have an externally issued certificate but this does not work. What are the requirements? Does the ‘issued to’ have to be the same as something? Apologies if this is a stupid question but this is the first time I’ve worked with certificates. We didn’t believe this would be an issue as we could have sworn when we did the same in 10.2.700 it worked fine.

Bumping an old post for the sake of continuity and not finding answers, as I don’t know what I’m doing on this. This post seems to have not been solved exactly.

I’m trying to build a dev 2022.1 and I’m stuck with keeping my dev 10.2.700’s on the same machine for now. I’ve reinstalled multiple times, converted the database no problem, and have the E10’s running in the 2022 admin console. Those are all net.tcp with Windows auth, distributed via RDS on a separate TS farm.

When I try to build my appserver in EAC or try to run the local client, I get errors that seem to be related to SSL. I’m using a purchased certificate and it’s in both the personal and the 3rd party stores.

The only hiccup I can think of is that for REST use, this server has a DNS record pointing to a non-standard port, for security’s sake and to ensure apps don’t accidentally go to PROD.

I’ve checked all the things I can find like friendly names and dev.stuff.com vs. www.dev.stuff.com. The only thing that made a difference was trying to manually change the appserver properties but it just crashed the EAC - not exactly an encouraging difference.

I’m following the release upgrade guide except that it recommends never running E10 next to E11 although it’s possible - I don’t have much choice at the moment so I hope that’s not it.

Any thoughts anyone?

So, even though this may not have been what @Bart_Elia meant, this post gave me a hint. I think wildcard certs may be required, at least in our case where we’re using a custom port for https, it seemed to be all that was able to work.

We currently have a case into support regarding 2022.1 and wildcard certs, having similar issues as described in this thread. Also have another case in with Task Agent setup where it installs but it says the service is not there when you go and configure it. Also it won’t uninstall if you want to try that.

All on-prem systems. Just put the .5 patch on this morning.

Sorry, I probably should have made a separate thread, because in fact the OP was asking about a test server and @hkeric.wci solved it for a test server.

I did find that even with a new cert I had to restart the task agent service in between every step, and before uninstalling. It’s not quite that clear in the docs but it’s working now.