Enabling SSL on ArcGIS Server

Out of the box, ArcGIS Server uses HTTP protocol for all communication. Since HTTP communication may be easily intercepted and/or modified, it is recommended that you enable SSL and disable HTTP to secure your ArcGIS Server site. For more information about SSL, see Introduction to SSL.

Enabling SSL in a single-machine test environment

If you're developing or experimenting with ArcGIS Server on a single machine, you can enable and configure SSL using the default self-signed certificate. For instructions on how to do this, see Enabling SSL using the default self-signed certificate.

Enabling SSL on ArcGIS Server when using the ArcGIS Web Adaptor

When the Web Adaptor is configured to forward requests to ArcGIS Server, you must enable SSL on the web server hosting the Web Adaptor and enable SSL on each GIS server machine participating in the ArcGIS Server site.

If your site will be accessed by external users, you should configure SSL on the web server hosting the Web Adaptor using a commercial Certificate Authority certificate. You must also configure SSL on each GIS Server machine participating in the site using a self-signed certificate. For instructions on how to do this, see Enabling SSL on ArcGIS Server when using the ArcGIS Web Adaptor. Instead of a self-signed certificate, you can also choose to use a CA-signed certificate on each GIS server machine participating in the site.

For instructions on how to enable SSL on a GIS server by creating a new CA certificate, see Enabling SSL using a new CA-signed certificate.

Enabling SSL on ArcGIS Server when using a load balancer

If your configuration uses a hardware or software load balancer as the gateway to your site, you must enable SSL on the load balancer and enable SSL on each GIS server machine participating in the site.

If your site will be accessed by external users, you should configure SSL on the load balancer using a commercial CA certificate. You must also configure SSL on each machine participating in the site using a self-signed or CA-signed certificate.

12/18/2014