Enabling SSL using an existing SSL certificate

If you already have an SSL certificate issued by a commercial or internal Certificate Authority, you can use this existing certificate to enable SSL for ArcGIS Server. In order to import this certificate into ArcGIS Server, the certificate and its associated private key must be stored in the PKCS#12 format, which is represented by a file with either the .p12 or .pfx extension. The steps to enable SSL using an existing SSL certificate are

Import the SSL certificate into ArcGIS Server

Steps:
  1. Log in to the ArcGIS Server Administrator Directory as the primary site administrator or a user with administrative privileges, for example, http://gisserver.domain.com:6080/arcgis/admin.
  2. Navigate to machines > [machine name] > sslcertificates.
  3. Since the certificate you are importing was issued by a Certificate Authority, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate.
  4. Click importExistingServerCertificate to import the SSL server certificate.
    1. In the Certificate password field, enter the password to unlock the file containing the SSL certificate.
    2. In the Alias field, enter a unique name that easily identifies the certificate.
    3. Click Browse to choose the .p12 or .pfx file that contains the SSL certificate and its private key.
    4. Click Import to import the SSL certificate.

Configure ArcGIS Server to use the SSL certificate

To specify the SSL certificate that ArcGIS Server should use:

Steps:
  1. Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin.
  2. Browse to machines > [machine name].
  3. Click edit.
  4. Enter the name of the SSL certificate that you want to use in the box for Web server SSL Certificate.
  5. Click Save Edits to apply your change.
  6. On the current page, view the property Web server SSL Certificate to verify that the desired SSL certificate will be used for SSL.

Configure each GIS server in your deployment

If you have a multiple machine deployment of ArcGIS Server, you must repeat steps 1 and 2 above for each GIS server that participates in your site.

Enable SSL for your site

Steps:
  1. Log in to the ArcGIS Server Administrator Directory: http://gisserver.domain.com:6080/arcgis/admin.
  2. Browse to security > config > update.
  3. For the Protocol parameter, choose the HTTPS Only option and click Update. Your ArcGIS Server site is automatically restarted. In a developer environment, you may also choose to use the HTTP and HTTPS option. With this option, users will be able to access ArcGIS Server through either HTTP or HTTPS.
NoteNote:

It takes the Web Adaptor one minute to recognize changes to the communication protocol of your site.

LegacyLegacy:

In previous versions, you were required to reconfigure the ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. At 10.2.2, this is no longer necessary.

Import the certificate into the OS certificate store

Import the CA's root certificate into the Operating System's certificate store:

Steps:
  1. Log in to a machine hosting ArcGIS Server.
  2. Copy the signed certificate received from the CA to a location on this computer.
  3. Open this certificate and click the Certificate Path tab. If the Certificate Status: is This certificate is OK., the CA root certificate is present in the Windows certificate store and does not need to be imported. Skip to step 9.
  4. Copy the CA root certificate to a location on this computer.
  5. Open Certificate Manager. You can do this by clicking the Start button, then typing certmgr.msc into the Search box, and pressing the ENTER key.‌
  6. In the Certificate Manager window, click Trusted Root Certificate Authorities, then click Certificates.
  7. On the top menu click Action , then select All Tasks > Import.
  8. On the Certificate Import Wizard dialog box, click Next, then follow the instructions in the wizard to import the CA's root certificate.
  9. Repeat steps 1–8 for each GIS server in your site.
  10. Restart each GIS server in your site.

Access your site using SSL

Once SSL has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:

ArcGIS Server Manager

https://gisserver.domain.com:6443/arcgis/manager

ArcGIS Server Services Directory

https://gisserver.domain.com:6443/arcgis/rest/services

NoteNote:

If you rename ArcGIS Server while SSL is enabled, you can continue to access ArcGIS Server using SSL; however, you must generate a new SSL certificate and configure ArcGIS Server to use it.

Copyright © 1995-2015 Esri. All rights reserved.
9/1/2015