Configuring the portal to trust certificates from your certifying authority

Portal for ArcGIS makes HTTPS requests to ArcGIS Server in a number of situations. When the portal needs to make an HTTPS connection to ArcGIS Server, it checks to see if the certificate returned by the server is trusted. If it's not trusted, the connection will fail.

Portal for ArcGIS, by default, trusts some well known certifying authorities (CAs) such as Verisign and Thawte; however, it may not trust a CA that is less well known or is specific to your organization. The following steps demonstrate how you can configure the portal to trust your CA's certificate.

Before beginning, understand that many organizations have root CAs that don't actually sign web server certificates, rather they only certify intermediate CAs. These intermediate CAs are often the ones that sign your web server's certificate. If your certificate is signed by an intermediate CA, then you need to import both the root and intermediate certificates into Portal for ArcGIS as described below. Import the root certificate first, then the intermediate certificate.

Steps:
  1. Obtain the CA certificate you want to import. In many cases these certificates may already be loaded into your organization's browsers and can be exported from the browser. In order to know which certificates to export, and you may need to seek assistance from an expert in this area from your organization.
  2. Log in to the machine where Portal for ArcGIS is installed and place the certificate file onto disk.
  3. Open a command prompt window using the Run as administrator option.
  4. Type a command to change to the following directory: <Portal installation location>\portal\framework\runtime\jre\lib\security
  5. Type the following command, replacing ca.crt with the actual certificate file you want to trust: ..\..\bin\keytool –importcert –file ca.crt –keystore cacerts
  6. When prompted for a password, type changeit.
  7. If prompted, indicate that you trust the certificate.

A message should indicate that you have successfully imported the certificate. Repeat this process if you have multiple certificates.

5/5/2015