Question

New On-Premise TAS Server for APPS9, does it require its own private key?

  • 10 May 2023

Userlevel 3
Badge +7

I have an existing on premise TAS for APPS 9 as a Windows 2012 server.

I have installed a new on-premise TAS for APPS server under Windows 2019.

I created a new SQL DB for APPS9 for the new TAS so I could preserve the existing TAS.

I exported out the private cert from the existing TAS (2012 server) to the new 2019 TAS server.

The new TAS server install on 2019 server was successful, however when I go to the new TAS server URL as part of logging in on mobile, I do not establish a connection.

I can go to the new URL from my laptop, but not the mobile application.

Does the new TAS server require a new private key, or can I use the existing private key from the old server?

 

I appreciate any feedback and assistance.

Thank you

Marjie


3 replies

Userlevel 5
Badge +12

@CUCSOLUTIONS if you can reach the TAS from your laptop but not your phone, that indicates one of two things:

  1. the TAS only has an internal URL, and you need a reverse proxy or similar to expose it to the internet (assuming your laptop is part of the intranet either physically or via VPN)
  2. OR the TAS is publicly accessible but its SSL certificate is accepted by your laptop but not by your phone (for example, Android is picky about certificate chains being valid).

When you mentioned “private key” did you mean the SSL certificate? As long as the certificate is valid, you can of course re-use the same on your new server.

Please check the above and let us know how it goes!

Cheers,

Rukmal

Userlevel 3
Badge +5

Check accessing the URL from the mobile browser.

Has the URL changed for the new host?

Is it a wildcard SSL certificate?

 

 

Userlevel 3
Badge +7

Thank you both for your responses. So let me answer both.

  1. the TAS only has an internal URL, and you need a reverse proxy or similar to expose it to the internet (assuming your laptop is part of the intranet either physically or via VPN)
    1. We only use VPN and the TAS is internal only.
  2. OR the TAS is publicly accessible but its SSL certificate is accepted by your laptop but not by your phone (for example, Android is picky about certificate chains being valid).
    1. The SSL is a wildcard SSL and was applied to the TAS site. We use Windows for the IFS mobile app.

When you mentioned “private key” did you mean the SSL certificate? As long as the certificate is valid, you can of course re-use the same on your new server. … No, from the TAS install …

Move of an existing IFS Touch Apps Server Installation

 

 Certificate and private key

When IFS Touch Apps Server is installed, a certificate (public key) and private key pair are generated to support asymmetric encryption.

The existing certificate and private key must be exported from the existing installation. The exported certificate information can then be imported on the new server.

Access to the private key must match the access given on the existing installation. Network Service, the local Users group and the Common User in a Web Farm installation must have read access to the private key.

- There is a private key found on our old TAS server. I took that cert, exported from the old server and imported to the new server. Set the same permissions.

Since I have both TAS (old & new) running, can I use the same private key from the old server to the new or do I need to generate a new private key for the exchange of the security token between TAS server and the IFS Mobile app? 

 

 

Check accessing the URL from the mobile browser. - This works fine, no issues.

Has the URL changed for the new host? Yes it has, and it is accessible through the URL, but not the mobile app.

Is it a wildcard SSL certificate? Yes it is.

 

When I log in to the new URL from mobile, I get this error.

In the TAS Log file I get this error.

w3wp.exe Warning: 0 : CurrentDomain_AssemblyResolve: Couldn't resolve Assembly 'Ifs.TouchApps.OnPremise.ServerRole.resources, Version=1.14.1.74, Culture=en, PublicKeyToken=null'.
    DateTime=2023-05-12T11:26:35.6656414Z

 

TLS 1.1 & 1.2 are enabled on the new dev TAS server.

The web config files look identical, with the exception of the new DB names on the SQL server and the new URL.

Where should I be looking next?

Truly appreciate all of your wonderful suggestions and assistance.

Marjie
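The move instructions quoted in the post above require the imported private key to be readable by Network Service and the local Users group. The following is an added example, not part of the thread or of IFS's own tooling, showing one way to verify that on the new server. It assumes the imported certificate sits in the `LocalMachine\My` store; the thumbprint is a placeholder, and the web-farm Common User is not checked because its account name is not given on the page.

```powershell
# Added example. Run in an elevated PowerShell session on the new TAS server.
# Assumptions: the certificate is in LocalMachine\My; the thumbprint is a placeholder.
$Thumbprint = '<THUMBPRINT-OF-IMPORTED-TAS-CERT>'

# Well-known SIDs, so the check also works on non-English Windows installs.
$Required = @{
    'S-1-5-20'     = 'NETWORK SERVICE'
    'S-1-5-32-545' = 'local Users group'
}

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw 'The certificate has no associated private key on this server.'
}

# Resolve the key container file name (CNG key or legacy CSP key).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'No RSA private key could be opened for this certificate.' }
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine key files live in one of these two directories.
$keyFile = Get-ChildItem -Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
                               "$env:ProgramData\Microsoft\Crypto\Keys" -Force -ErrorAction SilentlyContinue |
           Where-Object Name -eq $keyName |
           Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found in the machine key stores." }

# Read the ACL with identities expressed as SIDs and test for an Allow/Read rule.
$acl   = Get-Acl -Path $keyFile.FullName
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$read  = [System.Security.AccessControl.FileSystemRights]::Read

foreach ($sid in $Required.Keys) {
    $ok = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    '{0,-18} read access: {1}' -f $Required[$sid], [bool]$ok
}
```

Running the same script on the old server and comparing the output shows whether the key permissions on the new server match the existing installation.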
