ArcGIS Notebook Server requires communication over the HTTPS protocol. This provides a secure communication channel for all web traffic, both from ArcGIS Notebooks and from the back-end server site. Accessing ArcGIS Notebook Server through HTTPS ensures network confidentiality and data integrity.
The use of HTTPS protects against man-in-the-middle attacks, in which a malicious agent intercepts unsecured communications over a network and poses as the legitimate source of the communications to both the client and the server.
Communication over HTTPS is established through the use of digital certificates, which are usually signed by a certificate authority (CA). CA-signed certificates ensure trust between the client and the server.
There are three kinds of certificates:
- Self-signed certificates are only signed by the owner of the website to which they're registered. They are only appropriate for internal development and staging environments, not for production deployments.
- Domain certificates are only signed by the internal CA of the organization to which they're registered. They are appropriate if all web traffic will take place within the organization's firewall.
- Certificates signed by a well-known external CA are the standard for production deployments. These certificates assure clients from outside your firewall that the identity of your website has been verified.
ArcGIS Notebook Server has its own internal certificate store and includes a default self-signed certificate when it's first set up. However, you should configure a certificate signed by a well-known external CA before putting your ArcGIS Notebook Server site into production. This is especially important when your site's notebook authors will run notebooks that make calls over the internet.
Web browsers trust a site when it carries a certificate signed by a well-known external CA. Most web browsers warn or discourage you from using self-signed certificates. If your site is using one, users will have to frequently suppress warnings from the browser when accessing resources on your site.
Your IT administrator should be able to provide you with certificates signed by an well-known external CA. If not, you can generate your own certificate in ArcGIS Notebook Server and request for it to be signed by a CA.
All actions pertaining to certificates can be done in the ArcGIS Notebook Server Administrator Directory.
When you change the name of an ArcGIS Notebook Server machine, the site issues a new self-signed certificate and begin using it. You should then configure a CA-signed or domain certificate for the new machine name.
Configure a certificate with ArcGIS Notebook Server
The following topics provide steps on how to configure certificates with ArcGIS Notebook Server
- If you already have a CA-signed certificate (including a domain certificate): See the topic Configure an existing CA-signed certificate.
- If you need to create a new certificate and have it signed by an external CA: See the topic Configure a new CA-signed certificate.
If you only want to use a self-signed certificate, you do not need to take any action. ArcGIS Notebook Server comes with a default self-signed certificate, which can be used as soon as the site is set up. Remember that self-signed certificates are only recommended for internal development and staging environments.