This tutorial shows you how you can configure HTTPS for ArcGIS Server using the default self-signed certificate. When you first create your ArcGIS Server site, a self-signed certificate is automatically created for each GIS server machine that participates in your site. By default, ArcGIS Server will use this self-signed certificate for HTTPS requests.
In rare cases, the self-signed certificate for ArcGIS Server may no longer be valid, usually because the certificate has expired or the host name of the machine was changed. In these cases you will need to generate a new self-signed certificate. For full instructions, see Create a new self-signed certificate.
If you want to view the default self-signed certificate, you can do so by following the instructions below:
- Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
- Browse to machines > [machine name] > sslcertificates > selfsignedcertificate.
Configure HTTPS only for your site
- Log in to the ArcGIS Server Administrator Directory: https://gisserver.domain.com:6443/arcgis/admin.
- Browse to security > config > update.
- For the Protocol parameter, choose the HTTPS Only option and click Update. Your ArcGIS Server site is automatically restarted.
Note:
It takes ArcGIS Web Adaptor one minute to recognize changes to the communication protocol of your site.
Legacy:
In 10.2.1 and earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. In 10.2.2 and later versions, this is no longer necessary.
Access your site using HTTPS
Once HTTPS has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:
ArcGIS Server Manager | https://gisserver.domain.com:6443/arcgis/manager |
ArcGIS Server Services Directory | https://gisserver.domain.com:6443/arcgis/rest/services |
Note:
If you rename ArcGIS Server while HTTPS is enabled, you can continue to access ArcGIS Server using HTTPS; however, you must generate a new certificate and configure ArcGIS Server to use it.
Import the certificate into the OS certificate store
For ArcGIS services such as the PrintingTools service to work with an HTTPS-enabled ArcGIS Server, the server's certificate must be installed as a trusted certificate:
- Log in to the ArcGIS Server Administrator Directory.
- Browse to machines > [machine name] > sslcertificates.
- Click the certificate being used by ArcGIS Server and click export. Save the file to the location where CA root certificates are stored on your computer.
- On the machine hosting ArcGIS Server, open the init_user_param.sh script in a text editor by browsing to the <ArcGIS Server installation directory>/arcgis/server/usr directory.
- Locate the line export CA_ROOT_CERTIFICATE_DIR=<Location_to_CA_Root_Certificate> and specify a location where all CA root certificates are stored on the system. Note that the specified directory needs to be accessible by the account that was used to install ArcGIS Server. You'll need to uncomment the lines by removing the pound sign (#) characters.
- Save and close the init_user_param.sh script.
- Restart ArcGIS Server. You can do this by running the startserver.sh script on each GIS server in your site.
- Repeat the above steps for each GIS server in your site.