Configuring HTTPS using a self-signed certificate—Documentation (10.4) (2024)

Table of Contents
Create a new self-signed certificate Configure ArcGIS Server to use the certificate Configure each GIS server in your deployment Configure HTTPS for your site Access your site using HTTPS Import the certificate into the OS certificate store

This topic shows you how you canconfigure HTTPS for ArcGIS Server using a self-signed certificate. The following steps configure HTTPS using a self-signed certificate:

  1. Create a new self-signed certificate.
  2. Configure ArcGIS Server to use the certificate.
  3. Configure each GIS server in your deployment.
  4. Configure HTTPS for your site.
  5. Access your site using HTTPS.
  6. Import the certificate into the OS certificate store.

Create a new self-signed certificate

  1. Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
  2. Browse to machines > [machine name] > sslcertificates.
  3. Click generate.
  4. Provide values for the parameters on this page:
    OptionDescription

    Alias

    A unique name that easily identifies the certificate.

    Key Algorithm

    Use RSA (the default) or DSA.

    Key Size

    Specifies the size in bits to use when generating the cryptographic keys used to create the certificate. The larger the key size, the harder it is to break the encryption; however, the time to decrypt encrypted data increases with key size. For DSA, the key size can be between 512 and 1,024. For RSA, the recommended key size is 2,048 or greater.

    Signature Algorithm

    Use the default (SHA1withRSA). If your organization has specific security restrictions, then one of the following algorithms can be used for DSA:SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withDSA.

    Common Name

    Use the domain name of your server name as the common name.

    If your server will be accessed on the Internet through the URL https://www.gisserver.com:6443/arcgis/, use www.gisserver.com as the common name.

    If your server will only be accessible on your local area network (LAN) through the URL https://gisserver.domain.com:6443/arcgis, use gisserver.domain.com as the common name.

    Organizational Unit

    The name of your organizational unit, for example, GIS Department.

    Organization

    The name of your organization, for example, Esri.

    City or Locality

    The name of the city or locality, for example, Redlands.

    State or Province

    The full name of your state or province, for example, California.

    Country Code

    The abbreviated code for your country, for example, US.

    Validity

    The total time in days during which this certificate will be valid, for example, 365.

    Subject Alternative Name

    The subject alternative name (SAN) is an optional parameter thatdefines alternatives to the common name (CN) specified in the certificate. There cannot be any spaces in the SAN parameter value.

    If no SAN is defined, a website can only be accessed(without certificate errors) by using the common name in theURL. If a SAN is defined and a DNS name is present, the website canonly be accessed by what is listed in the SAN. Multiple DNS names canbe specified if desired. For example, the URLs https://www.esri.com, https://esri,and https://10.60.1.16 can be usedto access the same site if the certificate is created using thefollowing SAN parameter value:

    DNS:www.esri.com,DNS:esri,IP:10.60.1.16

    See Also
    Working With Self-Signed Certificates in Chrome (Walkthrough Edition)How To Create Self-Signed Certificates Using OpenSSLAdding the self-signed certificate as trusted to a browserEnabling SSL using a self-signed certificate—Documentation (10.3 and 10.3.1)
  5. Click Generate to generate the certificate.

Configure ArcGIS Server to use the certificate

To specify the certificate that ArcGIS Server should use, complete the following steps:

  1. Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
  2. Browse to machines > [machine name].
  3. Click edit.
  4. Type the name of the certificate that you want to use in the Web server SSL Certificate field.
  5. Click Save Edits to apply your change. This automatically restarts your ArcGIS Server site.
  6. After your site is restarted, verify that you can access the URL https://gisserver.domain.com:6443/arcgis/admin. If you do not get a response from this URL, ArcGIS Server was unable to use the certificate. Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin, check your SSL certificate, and configure ArcGIS Server to use a new or different certificate.
  7. On the current page, view the property Web server SSL Certificate to verify that the desired certificate will be used for HTTPS.

Configure each GIS server in your deployment

If you have a multiple-machine deployment of ArcGIS Server, you must create a new self-signed certificate for each GIS server that participates in your site and configure that GIS Server to use the certificate.

Configure HTTPS for your site

  1. Verify that you can access the URL https://gisserver.domain.com:6443/arcgis/admin. If you do not get a response from this URL, ArcGIS Server was unable to use the specified certificate. Check your certificate, and configure ArcGIS Server to use a new or different certificate.
  2. If you can access the URL https://gisserver.domain.com:6443/arcgis/admin, browse to security > config > update.
  3. For the Protocol parameter, choose the HTTPS Only option, and click Update.
Note:

It takes ArcGIS Web Adaptor one minute to recognize changes to the communication protocol of your site.

See Also
How to fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH quickly
Legacy:

At 10.2.1 and earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. At 10.2.2 and later versions, this is no longer necessary.

Access your site using HTTPS

Once HTTPS has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:

ArcGIS Server Manager

https://gisserver.domain.com:6443/arcgis/manager

ArcGIS Server Services Directory

https://gisserver.domain.com:6443/arcgis/rest/services

Note:

If you rename ArcGIS Server while HTTPS is enabled, you can continue to access ArcGIS Server using HTTPS; however, you must generate a new certificate and configure ArcGIS Server to use it.

Import the certificate into the OS certificate store

For ArcGIS services such as the PrintingTools service to work with an HTTPS-enabled ArcGIS Server, the server's certificate must be installed as a trusted certificate:

  1. Log in to the ArcGIS Server Administrator Directory.
  2. Browse to machines > [machine name] > sslcertificates.
  3. Click the certificate being used by ArcGIS Server and click export. Save the file to the location where CA root certificates are stored on your computer.
  4. On the machine hosting ArcGIS Server, open the init_user_param.sh script in a text editor by browsing to the <ArcGIS Server installation directory>/arcgis/server/usr directory.
  5. Locate the line export CA_ROOT_CERTIFICATE_DIR=<Location_to_CA_Root_Certificate> and specify a location where all CA root certificates are stored on the system. Note that the specified directory needs to be accessible by the account that was used to install ArcGIS Server. You'll need to uncomment the lines by removing the pound sign (#) characters.
  6. Save and close the init_user_param.sh script.
  7. Restart ArcGIS Server. You can do this by running the startserver.sh script on each GIS server in your site.
  8. Repeat the above steps for each GIS server in your site.

Feedback on this topic?

Configuring HTTPS using a self-signed certificate—Documentation (10.4) (2024)
Top Articles
$LAMBO | CryptoSlate
Study at night, not early in the morning - The Baylor Lariat
Safety Jackpot Login
Skylar Vox Bra Size
Promotional Code For Spades Royale
Yogabella Babysitter
Marist Dining Hall Menu
Gw2 Legendary Amulet
Self-guided tour (for students) – Teaching & Learning Support
Apnetv.con
Rls Elizabeth Nj
Declan Mining Co Coupon
Daniela Antury Telegram
Shooting Games Multiplayer Unblocked
ocala cars & trucks - by owner - craigslist
I Wanna Dance with Somebody : séances à Paris et en Île-de-France - L'Officiel des spectacles
سریال رویای شیرین جوانی قسمت 338
Northern Whooping Crane Festival highlights conservation and collaboration in Fort Smith, N.W.T. | CBC News
N2O4 Lewis Structure & Characteristics (13 Complete Facts)
Violent Night Showtimes Near Amc Fashion Valley 18
Lonesome Valley Barber
Zack Fairhurst Snapchat
The Blind Showtimes Near Amc Merchants Crossing 16
Understanding Genetics
Iu Spring Break 2024
27 Fantastic Things to do in Lynchburg, Virginia - Happy To Be Virginia
Jailfunds Send Message
Lilpeachbutt69 Stephanie Chavez
Guinness World Record For Longest Imessage
Possum Exam Fallout 76
LG UN90 65" 4K Smart UHD TV - 65UN9000AUJ | LG CA
Moonrise Time Tonight Near Me
Daily Journal Obituary Kankakee
How to Play the G Chord on Guitar: A Comprehensive Guide - Breakthrough Guitar | Online Guitar Lessons
Carespot Ocoee Photos
About Us | SEIL
#1 | Rottweiler Puppies For Sale In New York | Uptown
Why Holly Gibney Is One of TV's Best Protagonists
Ticket To Paradise Showtimes Near Regal Citrus Park
Registrar Lls
Wilson Tattoo Shops
Andrew Lee Torres
Karen Wilson Facebook
Gas Buddy Il
Gli italiani buttano sempre più cibo, quasi 7 etti a settimana (a testa)
Chr Pop Pulse
2294141287
Here’s What Goes on at a Gentlemen’s Club – Crafternoon Cabaret Club
Assignation en paiement ou injonction de payer ?
Where and How to Watch Sound of Freedom | Angel Studios
sin city jili
Black Adam Showtimes Near Cinemark Texarkana 14
Latest Posts
7 Decision-Making Tools For Business Leaders
rente / interest
Article information

Author: Stevie Stamm

Last Updated:

Views: 6521

Rating: 5 / 5 (60 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Stevie Stamm

Birthday: 1996-06-22

Address: Apt. 419 4200 Sipes Estate, East Delmerview, WY 05617

Phone: +342332224300

Job: Future Advertising Analyst

Hobby: Leather crafting, Puzzles, Leather crafting, scrapbook, Urban exploration, Cabaret, Skateboarding

Introduction: My name is Stevie Stamm, I am a colorful, sparkling, splendid, vast, open, hilarious, tender person who loves writing and wants to share my knowledge and understanding with you.