Out of the gate, I am going to admit, SSL Certs are a mystery to me.
We are trying to setup a test environment for Epicor Mobile CRM and I know I cannot use a self signed cert which we are currently using. We’ve had a self signed in place from when we were running E9 with WCF services. When we upgraded to 10.2, we continued to need WCF services for our Dynamics CRM sync (I know, gasp, we should have bite the bullet and moved the code to REST) and just used it for the Epicor server as well.
In parallel to this, we have an SSL cert with GoDaddy for our company website which we host internally. So my question(s), are all SSL certs created equal? Can I use the same cert we are using for our website and also replace our self signed cert we have in place for WCF services and use it for REST endpoints to satisfy the Mobile CRM requirement?
Certificates for https connection must satisfy the folowing rules:
The full domain name of the URL you are connecting to must be included in the certificate, either in Subject name (SN) or in Subject Alternative Name (SAN). So, if your cert contains www.company.com and you are trying to connect to www.company.net - this will fail. Same with subdomains - cert for www.company.com will not work for my.company.com, you have to use wildcard certificate for this - *.company.com in cert’s SN/SAN. This means that if your GoDaddy cert contains the domain name you are going to connect, then it will work. If you are going to use another domain - it won’t work.
Client should trust the certificate. This is not a problem for certs issued by known authorities, like GoDaddy in you case. But for self-signed certs this will be a problem. You will have to export public key from you server cert into .cer file and import it on each client computer that is going to connect to your server. Import means that you place that .cer file into Trusted people or Trusted root folder of certificate storage for the client computer.