Indeed. Sounds like a task for Monday 
1 Like
How do you create your certificate? what is in the Subject name? is there just “dev01”? or full address? try to use full address to access the site.
Before I swapped out the cert, it was a fully qualified domain name cert. Because it wasn’t working when I created this topic, I created a new cert “Dev01” and assigned it to the app.
Epicor application worked in either situation, but the API wasn’t working in both.
This was also after I upgraded from 10.1.600.11 to 10.2.200.3 and restored the database from a 10.2.200.3 environment.
Should I create a new cert and try again?
how do you create it? Powershell or?
I created it manually through IIS
I did not check in win2016, but IIS always created full domain name in subject name. Anyway, it should only show error in cert, but still connects… Strange.
So we replaced the SSL with a new one, and redeployed. Now I get the help page, but back to square one with the method list not appearing 
no. it is not the same 
It is your IE is working in the compatibility mode. Swagger requires that you switch OFF compatibility mode in IE
Chrome is more strict about certificates. Click F12, switch to Secuirty page and look what is written there. Usually there is more info what is wrong.
second error - because you are not using full domain name, how it is written in the Subject name of your cert.
To fix the first one - you need to generate cert differently, to add Subject Alternative name to the cert.
We can try it, but again, it usually just shows cert error in address line, but still working.
If you want to try, here is Powershell command to create self-signed cert (DnsName is used to create Subject Alternative name):
For example, if your machine name is MyComp, you need to run the command:
New-SelfSignedCertificate -DnsName MyComp,MyComp.example.com -CertStoreLocation cert:\LocalMachine\My
and created certificate can be used to connect to both https://MyComp or https://MyComp.example.com
After certificate is created, usual steps to add it to IIS and all necessary storages should be done as before.
1 Like
You want your connection to look like this.
The connection to this site is encrypted and authenticated using TLS 1.2 (a strong protocol), ECDHE_RSA with X25519 (a strong key exchange), and AES_256_GCM (a strong cipher).
You can use IIS Crypto 2.0 to eliminate the obsolete SSL/TLS properties, which I am not sure why are showing on IIS 10. You can run the tool, select best practices, and then apply. You may want to redo your certificate after as well.
EDIT:
2 Likes
yes, you are right - there is obsolete cipher HMAC-SHA1. I wonder why it is not shown in red though…
1 Like
Thanks Dan
I ran the tool, applied, restarted the VM, replaced the cert with a new one. I still get blank methods page in IE, after adding the site to the IE compatibility view thing. No luck on any of it and I created a ticket.
Does Chrome work?
Chrome does work. Interesting
I think with IE the site should not be in compatibility mode. Sites in the Intranet zones use this by default so make sure to check the zone as well
2 Likes
Ok that worked now. I will mark your well document response above as the solution, but I wish I understood why that’s the solution