Epicor Idea: Fix Self-Signed Certs

Here’s the solution to our EKW case (CS0004093332).

  • Revert to less secure version of Chrome
  • Get a Trusted Cert

image

I created an Epicor Idea to fix self-signed certs at least for dev instances, but the writing is on the wall.

A few related threads:

Cert created in the last versions of EAC still works for me.
That is why I asked to report if it does not.

But of course if your Kinetic version is several years old, I don’t think this will be fixed. You can create a cert with powershell just as well.

1 Like

I suggested that Epicor create a certificate service like CertifyTheWeb.com to make this process easier for Kinetic users and to get out of the self-signed cert business. Here’s Support’s response:

image

That is why I created the Epicor Idea.

1 Like

Support also reminded me of this from the Kinetic Installation Guides (even my old one! :rofl: )

"With HTTPS as the standard protocol, all servers now require certificates. We recommend that you obtain certificates from a certificate authority. You may be able to get a free certificate from the nonprofit Let’s Encrypt (https://letsencrypt.org/) authority. While we recommend a certificate from a certificate authority, for intranet scenarios you may decide that a self-signed certificate is appropriate for servers not exposed to the public Web.

Important - We do NOT recommend using self-signed certificates for Kinetic Servers that host the production database as they do not assure high security. Please, study the available options and obtain an SSL certificate for your server from a trusted Certificate Authority."

I wanted to create a cert authority as a part of IDP stuff long ago :slight_smile: