Enabling SSL using the default self-signed certificate
In this topic
- Enable SSL for your site
- Access your site using SSL
- Import the certificate into the OS certificate store
This tutorial shows you how you can enable SSL for ArcGIS Server using the default self-signed certificate. When you first create your ArcGIS Server site, a self-signed certificate is automatically created for each GIS server machine that participates in your site. By default, ArcGIS Server will use this self-signed certificate when SSL is enabled.
In rare cases, the self-signed certificate for ArcGIS Server may no longer be valid, usually because the certificate has expired or the host name of the machine was changed. In these cases you will need to generate a new self-signed certificate. For instructions on how to do this, see Creating a new self-signed certificate.
If you want to view the default self-signed certificate, you can do so by following the instructions below:
- Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin.
- Browse to machines > [machine name] > sslcertificates > selfsignedcertificate.
Enable SSL for your site
- Log in to the ArcGIS Server Administrator Directory: http://gisserver.domain.com:6080/arcgis/admin.
- Browse to security > config > update.
- For the Protocol parameter, choose the HTTPS Only option and click Update. Your ArcGIS Server site is automatically restarted. In a developer environment, you may also choose to use the HTTP and HTTPS option. With this option, users will be able to access ArcGIS Server through either HTTP or HTTPS.
Note:
It takes ArcGIS Web Adaptor one minute to recognize changes to the communication protocol of your site.
Legacy:
In 10.2.1 and earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. In 10.2.2 and later versions, this is no longer necessary.
Access your site using SSL
Once SSL has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:
ArcGIS Server Manager | https://gisserver.domain.com:6443/arcgis/manager |
ArcGIS Server Services Directory | https://gisserver.domain.com:6443/arcgis/rest/services |
Note:
If you rename ArcGIS Server while SSL is enabled, you can continue to access ArcGIS Server using SSL; however, you must generate a new SSL certificate and configure ArcGIS Server to use it.
Import the certificate into the OS certificate store
For ArcGIS services such as the PrintingTools service to work with an SSL-enabled ArcGIS Server, the server's SSL certificate must be installed as a trusted certificate:
- Log in to the ArcGIS Server Administrator Directory.
- Browse to machines > [machine name] > sslcertificates.
- Click the SSL certificate being used by ArcGIS Server and click export. Save the file to a location on your computer.
- Open Certificate Manager. You can do this by clicking the Start button, typing certmgr.msc in the search box, and pressing the Enter key.
- In the Certificate Manager window, click Trusted Root Certificate Authorities and click Certificates.
- On the top menu, click Action and select All Tasks > Import.
- On the Certificate Import Wizard dialog box, click Next and follow the instructions in the wizard to import the certificate.
- Repeat the above steps for each GIS server in your site.