*Screenshot Of Error*


Description:

Under development or Demo conditions it may be advantageous to setup a SSL environment, this can be done

using a Self Signed Certificate created through IIS. This wiki will outline creation of the certificate, using it for

SSL communication and how to trust the self signed certificate on a remote (including a local virtual) machine.


Software Versions Affected: Epicor ECM (Docstar) 20.x and newer versions



Solution:  

Setup

Create the certificate

IIS: Not compatible with Chrome

This is informational only, do not follow this mode for proper use in DocStar ECM

1. Open IIS

2. Select your server in the connection panel on the left.

3. Open 'Server Certificates' in the middle panel

4. Click 'Create Self-Signed Certificate' on the right panel

5. Enter any friendly name you want to describe this certificate, select 'Web Hosting' from the drop down list

and click OK.

Powershell: Works with all browsers


1. Open powershell on Windows 10 or Server 2016 (run as administrator) 

 (DOES NOT WORK FOR Windows 2012 R2) If server is 2012 you can create on supporting OS then export and import onto 2012 machine)


2. Run a modified version of this command replacing the machine name with your machine name:


(command line in powershell to run) New-SelfSignedCertificate -FriendlyName DocStarChromeSupportCert -DnsName full computer name with domain -CertStoreLocation Cert:\LocalMachine\My -NotAfter (Get-Date).AddYears(10)

3. Go to Start --> Run --> mmc

4. In mmc select File --> Add\Remove Snap-in

5. Select Certificates and click Add


6. Select Computer Account and click next then finish, then click OK to close the Add or Remove Snap-ins

dialog.

7. Expand Certificates > Personal > Certificates and select the DocStarChromeSupportCert certificate

8. Export the certificate to a pfx file:

1. Right click the certificate, select all tasks, click export

2. Click Next, Select the option to 'Yes, export the private key' and click next

3. In addition to the default checked items check 'Export All extended properties' then click next

4. Check password and give the cert a password, then click next

5. Browse to a path you want to save the certificate to then click next and then finish

9. Add the certificate to the Trusted Root Certification Authorities

1. In the same MMC used above expand Certificates > Trusted Root Certification Authorities >

Certificates

2. Right click Certificates --> All Tasks --> Import

3. Click Next, Select the pfx file created above, click next

4. Enter your password and check 'Mark this key as exportable' and 'Include all extended properties' then

click next

5. Dialog will default to the correct store, click next and then finish

10. Import the certificate into IIS so it can be used.

1. Open IIS Manager

2. Select the machine name in the left pane then double click 'Server Certificates' in the center pane

3. Select import on the left pane, browse for your pfx file created above, enter your password, and select

WebHosting in the dropdown, then click Ok.

11. Use the certificate

1. Open IIS

2. Expand the tree in the Connections panel {Server}-->Sites-->Default Web Site

3. Click bindings

4. If https is not listed click add, otherwise select the https binding and click edit.

5. Select https in the Type dropdown, select the self signed certificate you created in the above steps, then click

OK.

12. Now you may open the browser or use the systray to connect to eclipse using https and the machine name as the

domain (ie https://mymachine/eclipseweb)

Remote Machine use of Self Signed Certificates

Now that you have a certificate setup and it is working on your local system you may want to access the system

remotely. Once you do so you will notice you get a SSL error when accessing via the browser and an error when

trying to login via the client. This is because the remote server does not trust the self signed cert on your local

machine. To trust the cert take the following steps:

1. Export your self signed certificate

1. Open IIS

2. Select your server in the connection panel on the left.

3. Open 'Server Certificates' in the middle panel

4. Select your self signed certificate and click Export on the right hand panel

5. Select a path to export to and give the cert a password, then click ok

6. Copy the exported certificate to your remote machine

7. Import the certificate as a 'Trusted Root Certification Authorities'

8. Double click the certificate file

9. Select 'Local Machine' then click next

10. Select Next with the file pre-selected


13. Using Self Signed Certificates


1. Enter your password and check 'Mark this key as exportable'

2. Select 'Place all certificates in the following store'

3. Click browse and select 'Trusted Root Certification Authorities', select Next then Finish

4. Restart the application trying to access eclipse, you should no longer receive any SSL error on the remote

machine


Reference Ticket: 26974 and Docstar Case CS0002378765