Enabling SSL on ArcGIS Server when accessed through the ArcGIS Web Adaptor

When the ArcGIS Web Adaptor has been configured to forward requests to your ArcGIS Server site, you'll need to enable SSL on the web server hosting the Web Adaptor and enable SSL on each GIS server machine participating in the ArcGIS Server site. To get started, follow the steps in the sections below.

Create a new self-signed certificate

Steps:
  1. Log in to the ArcGIS Server Administrator Directory: http://gisserver:6080/arcgis/admin.
  2. Navigate to machines > [machine name] > sslcertificates.
  3. Click generate.
  4. Enter values for the parameters on this page:

    Option

    Description

    Alias

    A unique name that easily identifies the certificate.

    Key Algorithm

    Use RSA (the default) or DSA.

    Key Size

    Specifies the size in bits to use when generating the cryptographic keys used to create the certificate. The larger the key size, the harder it is to break the encryption; however, the time to decrypt encrypted data increases with key size. For DSA, the key size can be between 512 and 1,024. For RSA, the recommended key size is 2,048 or greater.

    Signature Algorithm

    Use the default (SHA1withRSA). If your organization has specific security restrictions, then one of the following algorithms can be used: SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA1withDSA for DSA.

    Common Name

    Use the domain name of your server name as the common name.

    If your server will be accessed on the Internet through the URL https://www.gisserver.com:6443/arcgis/, use www.gisserver.com as the common name.

    If your server will only be accessible on your local area network (LAN) through the URL https://gisserver:6443/arcgis, use gisserver as the common name.

    Organizational Unit

    The name of your organizational unit, for example, GIS Department

    Organization

    The name of your organization, for example, Esri

    City or Locality

    The name of the city or locality, for example, Redlands

    State or Province

    The full name of your state or province, for example, California

    Country Code

    The abbreviated code for your country, for example, US

    Validity

    The total time in days during which this certificate will be valid, for example, 365.

  5. Click Generate to generate the certificate.

Configure ArcGIS Server to use the SSL certificate

To specify the SSL certificate that ArcGIS Server should use:

Steps:
  1. Log in to the ArcGIS Server Administrator Directory: http://gisserver:6080/arcgis/admin.
  2. Navigate to machines > [machine name].
  3. Click edit.
  4. Enter the name of the SSL certificate that you want to use in the box for Web server SSL Certificate.
  5. Click Save Edits to apply your change.
  6. On the current page, view the property Web server SSL Certificate to verify that the desired SSL certificate will be used for SSL.

Configure each GIS server in your deployment

If you have a multimachine deployment of ArcGIS Server, you must create a new self-signed certificate for each GIS server that participates in your site and configure each machine to use the certificate.

Enable SSL for your site

Steps:
  1. Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin.
  2. Browse to security > config > update.
  3. For the Protocol parameter, choose the HTTP and HTTPS option and click Update. This will automatically restart your ArcGIS Server site.
  4. After your site is restarted, verify that you are able to access the URL https://gisserver.domain.com:6443/arcgis/admin. If you do not get a response from this URL, ArcGIS Server was unable to use the specified SSL certificate. Check your SSL certificate and configure ArcGIS Server to use a new or different SSL certificate.
  5. If you are able to access the URL https://gisserver.domain.com:6443/arcgis/admin, browse to security > config > update.
  6. For the Protocol parameter, choose the HTTPS Only option and click Update. ArcGIS Server is restarted.
  7. Once the server restarts, test that you can access the HTTPS URL of ArcGIS Server, for example, https://gisserver.domain.com:6443/arcgis/rest/services.

Configure SSL on the Web Adaptor

NoteNote:

If you previously configured the Web Adaptor with ArcGIS Server, you'll need to reconfigure it with your server by following the steps below. This will update the Web Adaptor's configuration to reflect the changes you made when enabling SSL on your site in the steps above. If you don't follow these steps, you will be unable to access your site through the Web Adaptor URL.

Steps:
  1. Enable SSL on the web server hosting the Web Adaptor. For instructions, consult the product documentation specific to your web server.
  2. Open the Web Adaptor configuration page in a web browser. Typically, this URL is https://gisserver.domain.com/arcgis/webadaptor/server.
  3. For GIS Server URL, enter the HTTPS URL to one of the GIS server machines in your site, for example, https://gisserver.domain.com:6443.
  4. Supply a user name and password for an account that has administrative privileges to your site.
  5. Choose whether users can administer the site through the Web Adaptor. By default, administration of the site through the Web Adaptor using ArcGIS Server Manager and the ArcGIS Server Administrator Directory is disabled.
  6. Click Configure to apply your settings.
  7. Test that you can access the HTTPS URL of your Web Adaptor, for example, https://webadaptor.domain.com/arcgis/rest/services.

Access your site using SSL

Once SSL has been configured, you can securely access ArcGIS Server directly though HTTPS using port 6443 or the Web Adaptor URL. The URLs will be formatted as follows:

ArcGIS Server Manager

Access Manager through GIS server: https://gisserver.domain.com:6443/arcgis/manager.

Access Manager through the Web Adaptor (only applies if administrative access is enabled): https://webadaptor.domain.com/arcgis/manager.

ArcGIS Server Services Directory

Access Services Directory through GIS server: https://gisserver.domain.com:6443/arcgis/rest/services.

Access Services Directory through the Web Adaptor: https://webadaptor.domain.com/arcgis/rest/services.

NoteNote:

If you rename ArcGIS Server while SSL is enabled, you can continue to access ArcGIS Server using SSL; however, you must generate a new SSL certificate and configure ArcGIS Server to use it.

Copyright © 1995-2014 Esri. All rights reserved.
12/18/2014