Setting up SSL using Cloud Builder

In some cases you may want to require encrypted communication with your ArcGIS Server site using Secure Sockets Layer (SSL) technology. This requires that your site use an SSL certificate that you have obtained from a trusted certificate authority (CA). ArcGIS Server Cloud Builder on Amazon Web Services can install your SSL certificate for you at the time you create a site.

On the Security panel of Cloud Builder, you will find options for uploading and installing SSL certificates on your site.

Uploading a new certificate

Amazon Web Services (AWS) allows you to upload and store SSL certificates in the cloud as part of its Identity and Access Management (IAM) service. You don't have to learn how to use this service directly, because Cloud Builder provides a front end to it. Using Cloud Builder, you can upload one or more SSL certificates to AWS IAM, then you can choose to apply any one of those certificates whenever you build a site. The certificate will be installed for you.

To upload a certificate and install it on a site, do the following:

  1. Start creating or updating a site using Cloud Builder.
  2. In the Security panel of Cloud Builder, check Install SSL certificate.
  3. From the Choose SSL certificate drop-down list, choose <Upload certificate>.
  4. Supply the Certificate name by entering the name of the server certificate. Do not include the path in this value.
  5. Supply the Private key by browsing to the contents of your private key in PEM-encoded format.
  6. Supply the Public key certificate by browsing to the contents of your public key certificate in PEM-encoded format.
  7. Click Upload.
  8. In the Choose SSL certificate drop-down list, ensure your new certificate is selected.

Using an existing certificate

If you've already uploaded a certificate using Cloud Builder, you can do the following to install it on a site:

  1. Start creating or updating a site using Cloud Builder.
  2. In the Security panel of Cloud Builder, check Install SSL certificate.
  3. From the Choose SSL certificate drop-down list, choose your certificate name.

Configuring the ELB health check in HTTPS-only scenarios

When you select an SSL certificate, Cloud Builder configures your site so that it can receive both HTTP and HTTPS requests. If you later modify ArcGIS Server so that it is only allowed to receive HTTPS requests, then you must update the Elastic Load Balancer (ELB) health check using the following steps.

  1. Log in to the AWS Management Console and display the page for the EC2 region where your site resides.
  2. Click Load Balancers.
  3. Check the check box next to the load balancer named arcgis-<your site>.
  4. In the lower panel, click the Health Check tab.
  5. Click Edit Health Check.
  6. Change the Ping Protocol to HTTPS.
  7. Change the Ping Port to 6443 and click Save.
Copyright © 1995-2013 Esri. All rights reserved.
12/10/2013