Troubleshooting Symantec VIP integration with Epic Hyperdrive
search cancel

Troubleshooting Symantec VIP integration with Epic Hyperdrive

book

Article ID: 271584

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Common issue with the Symantec VIP integration for Epic Hyperdrive.

Resolution

  • VIP Integration Guides for Epic can be found here.
  • Enable viewing file name extensions and hidden items, then confirm that the .P12 and .PEM files. (for example, cert.p12 isn't actually cert.p12.p12,  or cert.pem isn't actually cert.pem.cer). 
  • Use alphanumeric characters in the cert name. (for example, my.domain.com.p12  → mydomainp12.p12).  
  • The SAML issuer URL is a unique identifier for that Epic server instance. Work with your Epic engineer to determine this value. Each server value needs to be unique. (example: https://epicserver1.example.com, https://epicserver2.example.com
  • Plain text passwords for the .P12 cert and RADIUS shared secret cannot contain these characters prior to using the camouflage.exe tool: " $ =
  • It is normal for the camoflouged password to contains non-alphanumeric characters, such as  $ or =
  • The public key only is required when extracting the .PEM file from the .p12.
    • OpenSSLCommand to extract public certificate from p12:
      openssl pkcs12 -in certificate.p12 -out certificate-pub.pem -clcerts -nokeys

      Use any text editor to open the certificate-pub.pem and remove "Bag Attributes" information (example: remove all lines above this line ----BEGIN CERTIFICATE----)

    • Optional tool for Windows: DigiCert Cert Utility can be used to extract the PEM without the private key.

  • If .P12 path errors are encountered in the Hyperdrive cloud logs, try copying the .P12 file to the same installation folder as the VIP plugin, then change the registry to point to the new path. Restart the Epic service.