Enabling SSL using the default self-signed certificate
In this topic
- Enable SSL for your site
- Access your site using SSL
- Import the certificate into the OS certificate store
This tutorial shows you how you can enable SSL for ArcGIS Server using the default self-signed certificate. When you first create your ArcGIS Server site, a self-signed certificate is automatically created for each GIS server machine that participates in your site. By default, ArcGIS Server will use this self-signed certificate when SSL is enabled.
In rare cases, the self-signed certificate for ArcGIS Server may no longer be valid, usually because the certificate has expired or the host name of the machine was changed. In these cases you will need to generate a new self-signed certificate. For instructions on how to do this, see Creating a new self-signed certificate.
If you want to view the default self-signed certificate, you can do so by following the instructions below:
- Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin.
- Browse to machines > [machine name] > sslcertificates > selfsignedcertificate.
Enable SSL for your site
- Log in to the ArcGIS Server Administrator Directory: http://gisserver.domain.com:6080/arcgis/admin.
- Browse to security > config > update.
- For the Protocol parameter, choose the HTTPS Only option and click Update. Your ArcGIS Server site is automatically restarted. In a developer environment, you may also choose to use the HTTP and HTTPS option. With this option, users will be able to access ArcGIS Server through either HTTP or HTTPS.
It takes ArcGIS Web Adaptor one minute to recognize changes to the communication protocol of your site.
In 10.2.1 and earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. In 10.2.2 and later versions, this is no longer necessary.
Access your site using SSL
Once SSL has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:
ArcGIS Server Manager
ArcGIS Server Services Directory
If you rename ArcGIS Server while SSL is enabled, you can continue to access ArcGIS Server using SSL; however, you must generate a new SSL certificate and configure ArcGIS Server to use it.
Import the certificate into the OS certificate store
For ArcGIS services such as the PrintingTools service to work with an SSL-enabled ArcGIS Server, the server's SSL certificate must be installed as a trusted certificate:
- Log in to the ArcGIS Server Administrator Directory.
- Browse to machines > [machine name] > sslcertificates.
- Click the SSL certificate being used by ArcGIS Server and click export. Save the file to the location where CA root certificates are stored on your computer.
- On the machine hosting ArcGIS Server, open the init_user_param.sh script in a text editor by browsing to the <ArcGIS Server installation directory>/arcgis/server/usr directory.
- Locate the line export CA_ROOT_CERTIFICATE_DIR=<Location_to_CA_Root_Certificate> and specify a location where all CA root certificates are stored on the system. Note that the specified directory needs to be accessible by the account that was used to install ArcGIS Server. You'll need to uncomment the lines by removing the pound sign (#) characters.
- Save and close the init_user_param.sh script.
- Restart ArcGIS Server. You can do this by running the startserver.sh script on each GIS server in your site.
- Repeat the above steps for each GIS server in your site.