When you create a data store, the Data Store Configuration wizard accesses ArcGIS Data Store using a self-signed SSL certificate. Similarly, when the hosting server communicates with the data store, or individual machines within the data store communicate with each other, a self-signed SSL certificate is used. This is sufficient for most organizations. Some organizations, however, require all interactions be secured through an SSL certificate verified and signed by a certifying authority (CA) or one generated for their own domain. Such organizations can use the updatesslcertificate utility to replace the self-signed certificate with a CA-signed or domain certificate before configuring a data store on a machine.
The certificate file must be in PKCS12 format with a file extension of .pfx or .p12.
Once you have a certificate file, import it.
Follow these steps to update the SSL certificate on a single ArcGIS Data Store machine:
- Obtain an SSL certificate from a certifying authority or generate a domain certificate.
- Create a PKCS12 format file and set a password and alias for the file.
- Run the updatesslcertificate utility to replace the self-signed SSL certificate for an ArcGIS Data Store machine.
In this example, the certificate file, casignedcert.pfx, is in the tempfiles directory, has the alias myfilealias, and is secured with password Sec00rit.
./updatesslcertificate.sh /usr/tempfiles/casignedcert.pfx Sec00rit myfilealias
- If you have multiple ArcGIS Data Store machines, update the certificate for each one.
Verify you can access the Data Store Configuration wizard
Open a browser and type the URL to the Data Store Configuration wizard. The URL is in the format https://<fully qualified data store machine name>:2443/arcgis/datastore. If the wizard opens without returning a security warning, your SSL certificate was successfully updated.