E10 local server SSL Cert Advice

How are others handling SSL certs for self hosted Epicor instances?

We’re using a self-signed cert, but this is causing problems with JavaScript (executed in the browser) Epicor REST requests… I don’t personally like the idea of manually accepting the cert on all browsers on all PCs… Curious how others are addressing this issue.

We have signed CA certs for everything. Makes everything easier.

What service are you using, Let’s Encrypt?

No, we purchase certs from a CA. We’ve got both wildcard and FQDN certs. Just depends on where it’s being used.

1 Like

Just to clarify, you can get SSL certs from a CA when the server has a non-routable IP (e.g. 192.168.1.1, 10.0.0.1, etc.)?

Any chance you could ballpark the cost for such a cert?

To answer your question, yes. You purchase certificates for hosts not IPs. Doesn’t matter if the IP for that host is a public or private IP. The cert is the same.

That really depends on where you buy your certs and what type you’re buying. Some common CAs are Sectigo and DigiCert. Look at their Wildcard SSL pricing and just DV pricing. Both list pricing on their site.

1 Like
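The point in the reply above, that a certificate is bound to a host name and not to an IP, shown as an added example that is not part of the original thread. It assumes the OpenSSL command-line tool is installed; the host name, the throwaway CA and all keys are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Host name, IP and CA are constructed; all keys are throwaway.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
HOST="erp.corp.example.com"   # hypothetical internal FQDN
PRIVATE_IP="192.168.1.1"      # private address that name would resolve to

# mkcert NAME CN EXTENSION [ISSUER]: self-signed unless ISSUER is given.
mkcert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf '%s\n' "$3" > "$WORK/$1.ext"
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$1.ext" \
      -CA "$WORK/$4.pem" -CAkey "$WORK/$4.key" -CAcreateserial \
      -out "$WORK/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -days 30 -extfile "$WORK/$1.ext" \
      -signkey "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
  fi
}

# check CERT ANCHOR KIND VALUE: KIND is "hostname" or "ip". Prints ok or fail.
check() {
  if openssl verify -CAfile "$WORK/$2.pem" "-verify_$3" "$4" \
       "$WORK/$1.pem" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

mkcert ca   "Demo Root CA" "basicConstraints=critical,CA:TRUE"  # stands in for the CA
mkcert leaf "$HOST" "subjectAltName=DNS:$HOST" ca               # CA-issued server cert
mkcert self "$HOST" "subjectAltName=DNS:$HOST"                  # self-signed server cert

echo "CA-issued, client uses FQDN:        $(check leaf ca hostname "$HOST")"
echo "CA-issued, client uses private IP:  $(check leaf ca ip "$PRIVATE_IP")"
echo "self-signed, client trusts the CA:  $(check self ca hostname "$HOST")"
echo "self-signed, imported as trusted:   $(check self self hostname "$HOST")"
```

The second line fails because the certificate carries only a DNS name, so browser code has to call the REST endpoint by FQDN rather than by IP address.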

If you have an Active Directory domain you can easily set up an internal CA that all your workstations respect and acknowledge, and then you can make as many certs as you want for free.

2 Likes

Another option. If you use your API endpoint outside your network that could cause some issues. But internally it would work fine.

Another thought. You could keep using self-signed certs. And use a GPO to add them to all PCs as a trusted cert. If you don’t want to purchase CA certs.

We’re very Unix-centric and don’t have much in the way of Windows server infrastructure… It’s great to know we can purchase certs for private servers, I always thought that wasn’t an option :)

1 Like

Sure is. And platform doesn’t matter. If you buy a cert from Sectigo or DigiCert you can use it on both Windows and Unix.

Sorry, didn’t mean to quote Sectigo… I meant for the approach with Active Directory and Group Policies, we don’t have the infrastructure, so it looks like buying a cert is the solution we were looking for!

1 Like

Ah, ok. Yeah, that won’t work very well with Unix lol

If you’re on-prem, yeah, but in Azure…

I was referring to Group Policy. GPOs work in Azure on Red Hat even? I know you can join Linux to AD. But didn’t think GP worked.