@hmwillett – Thanks for responding, Hannah.
The quick set-up is this:
-
Brand-new, immediate deployment of 10.2.700.0; uplifted to v10.2.700.8
-
No extensions have been installed
-
Existing SSL certificate issued by GoDaddy
-
Certificate installed in the “Personal” store of the local server
-
Certificate “friendly name” changed from “GoDaddy” to “atest1.[domain name].com”, in line with our domain.
-
We had also experienced “UserFile.svc” errors that, upon checking the server’s Event Log, we discovered x509 certificate errors that forced us to modify the IIS application’s “web.config” file to identify the GoDaddy certificate by thumbprint value.
-
I had a recent thread topic opened for, essentially, the same issue – which was remedied for the specific problem I was having – but I believe this issue exists in a more broader sense (that I wasn’t aware of at the time), which is why I’m starting a new thread topic on it here.
General Behavior:
Once the deployment finishes, the EAC automatically tries to connect to the newly deployed E10 server instance. When this happens, I receive a “DNS Endpoint Identity” error (see below, marked in red):
We are purposefully NOT configuring anything with the “www.” prefix in the DNS Endpoint reference. However, looking at the GoDaddy certificate’s SAN, it is listing two (2) SAN values – one of them with the “www.” prefix in front of it.
I’m not an SSL cert guru… but I am suspecting that Epicor is “choosing” the SAN with the prefix in front of it as a matter of “default interpretation”.
I do not know how to get Epicor to choose/select/use the other SAN value, presuming there is a way to do it. I acknowledge that this may be an IIS issue that needs to be resolved through some configuration setting in the “web.config” (perhaps), but I don’t have that level of understanding here.
What might your hunch(es) be?