If you already have a certificate issued by a commercial or internal Certificate Authority (CA), you can use this existing certificate to configure HTTPS in ArcGIS Server. To import this certificate into ArcGIS Server, the certificate and its associated private key must be stored in the PKCS#12 format, which is represented by a file with either the .p12 or .pfx extension. The steps to configure HTTPS using an existing certificate are as follows:
Import the certificate into ArcGIS Server
Legacy:
In versions 10.5.1 and earlier, you imported SSL root certificates into the OS certificate store using the CA_ROOT_CERTIFICATE_DIR variable of the init_user_param.sh script. At 10.6, this step is no longer necessary.
- Sign in to the ArcGIS Server Administrator Directory as the primary site administrator or a user with administrative privileges, for example, https://gisserver.domain.com:6443/arcgis/admin.
- Browse to machines > [machine name] > sslcertificates.
- Since the certificate you are importing was issued by a CA, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate.
- Click importExistingServerCertificate to import the server certificate.
- In the Certificate password field, type the password to unlock the file containing the certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the .p12 or .pfx file that contains the certificate and its private key.
- Click Import to import the certificate.
Configure ArcGIS Server to use the certificate
To specify the certificate that ArcGIS Server should use, complete the following steps:
- Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
- Browse to machines > [machine name].
- Click edit.
- Type the name of the certificate that you want to use in the Web server SSL Certificate field.
- Click Save Edits to apply your change. This automatically restarts your ArcGIS Server site.
- After your site is restarted, verify that you can access the URL https://gisserver.domain.com:6443/arcgis/admin. If you do not get a response from this URL, ArcGIS Server was unable to use the certificate. Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin, check your SSL certificate, and configure ArcGIS Server to use a new or different certificate.
- On the current page, view the property Web server SSL Certificate to verify that the desired certificate will be used for HTTPS.
Configure each GIS server in your deployment
If you have a multiple-machine deployment of ArcGIS Server, you must repeat the steps in the previous sections for each server in your site. Once all certificates have been imported, restart each machine in the ArcGIS Server site.
Configure HTTPS only for your site
- Log in to the ArcGIS Server Administrator Directory: https://gisserver.domain.com:6443/arcgis/admin.
- Browse to security > config > update.
- For the Protocol parameter, choose the HTTPS Only option and click Update. Your ArcGIS Server site is automatically restarted.
Note:
It takes ArcGIS Web Adaptor one minute to recognize changes to the communication protocol of your site.
Legacy:
In 10.2.1 and earlier versions, you were required to reconfigure ArcGIS Web Adaptor after updating the communication protocol of ArcGIS Server. In 10.2.2 and later versions, this is no longer necessary.
Access your site using HTTPS
Once HTTPS has been configured, ArcGIS Server listens on port 6443 for HTTPS requests. Use the URLs below to securely access ArcGIS Server:
ArcGIS Server Manager | https://gisserver.domain.com:6443/arcgis/manager |
ArcGIS Server Services Directory | https://gisserver.domain.com:6443/arcgis/rest/services |
Note:
If you rename ArcGIS Server while HTTPS is enabled, you can continue to access ArcGIS Server using HTTPS; however, you must generate a new certificate and configure ArcGIS Server to use it.