Skip To Content

Configure the portal to trust certificates from your certifying authority

Portal for ArcGIS makes HTTPS requests to ArcGIS Server in a number of situations. When the portal needs to make an HTTPS connection to ArcGIS Server, it checks if the certificate returned by the server is trusted. If it's not trusted, the connection fails.

By default, Portal for ArcGIS trusts some well-known certifying authorities (CAs) such as Verisign and Thawte. However, it may not trust a CA that is less well known or is specific to your organization. For example, many organizations have root CAs that don't actually sign web server certificates, rather, they only certify intermediate CAs. These intermediate CAs are often the ones that sign your web server's certificate. If your certificate is signed by an intermediate CA, you must import the root certificate first and then the intermediate certificate, as described below.

  1. Obtain the certificates you want to import.

    In many cases, these certificates may already be loaded into your organization's browsers and can be exported from the browser.

  2. Sign in to the Portal Administrator Directory as an administrator of your organization.

    The URL is in the format https://webadaptorhost.domain.com/webadaptorname/portaladmin.

  3. If you are configuring highly available portal machines to trust certificates, sign in through port 7443 using the URL in the format https://portalhost.domain.com:7443/arcgis/portaladmin. Note that since importing certificates will cause the portal to restart, this operation may trigger a failover for your highly available portal.
  4. Import the root and intermediate certificates:
    1. Click Security > SSLCertificates > Import Root or Intermediate Certificate.
    2. Browse to the location of the root certificate provided by the CA and click Import.
    3. Browse to the location of the intermediate certificate and click Import.
    4. Repeat these substeps for additional root and intermediate certificates.