Skip To Content

Configure ArcGIS Server with an existing CA-signed certificate

If you already have a certificate issued by a commercial or internal Certificate Authority (CA), you can configure this existing certificate with ArcGIS Server. To import this certificate into ArcGIS Server, the certificate and its associated private key must be stored in the PKCS#12 format, which is represented by a file with either the .p12 or .pfx extension. The steps to configure an existing certificate are as follows:

  1. Import the certificate into ArcGIS Server.
  2. Configure ArcGIS Server to use the certificate.
  3. Configure each GIS server in your deployment.
  4. Import the certificate into the OS certificate store.
  5. Access your site.

Import the certificate into ArcGIS Server

To import the certificate into ArcGIS Server, complete the following steps:

  1. Sign in to the ArcGIS Server Administrator Directory as the primary site administrator or a user with administrative privileges, for example, https://gisserver.domain.com:6443/arcgis/admin.
  2. Browse to machines > [machine name] > sslcertificates.
  3. Click importExistingServerCertificate to import the server certificate and specify the following information:
    • Certificate password—Enter the password to unlock the file containing the certificate.
    • Alias—Enter a unique name that easily identifies the certificate (for example, domaincert).
    • Certificate file—Browse to the location of and select the existing CA-signed certificate file.
    • Import certificate chain—When selected, any root or intermediate certificates included in the .pfx or .p12 file will be imported as well. The alias for these certificates will match the alias entered above and will be appended with either _root or _intermediate depending on the type of certificate.
  4. Click Import.
    After importing an existing CA-signed certificate, the root and intermediate certificates may have already been imported. These would be listed under machines > [machine name] > sslcertificates.
  5. If the root and intermediate certificates were not imported or an additional root or intermediate certificate is needed, complete the following substeps:
    1. Click machines > [machine name] > sslcertificates > ImportRootOrIntermediate.
    2. Browse to the location of and select the root certificate provided by the CA.
    3. Enter a unique name for the alias.
    4. Click Import. If the CA issued additional intermediate certificates, import those as well.

      Do not import the CA-signed certificate.

Configure ArcGIS Server to use the certificate

To specify the certificate that ArcGIS Server should use, complete the following steps:

  1. Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
  2. Browse to machines > [machine name].
  3. Click edit.
  4. Type the name of the certificate that you want to use in the Web server SSL Certificate field.
  5. Click Save Edits to apply your change. This automatically restarts your ArcGIS Server site.
  6. After your site is restarted, verify that you can access the URL https://gisserver.domain.com:6443/arcgis/admin. If you do not get a response from this URL, ArcGIS Server was unable to use the certificate. Log in to the ArcGIS Server Administrator Directory at http://gisserver.domain.com:6080/arcgis/admin, check your SSL certificate, and configure ArcGIS Server to use a new or different certificate.
  7. On the current page, view the property Web server SSL Certificate to verify that the desired certificate will be used for HTTPS.

Configure each GIS server in your deployment

If you have a multiple-machine deployment of ArcGIS Server, you must repeat the steps in the previous sections for each server machine in your site. Once all certificates have been imported, restart each machine in the ArcGIS Server site.

Import the certificate into the OS certificate store

Import the CA's root certificate into the operating system's certificate store:

  1. Sign in to a machine hosting ArcGIS Server.
  2. Copy the signed certificate received from the CA to a location on this computer.
  3. Open this certificate, and click the Certificate Path tab.

    If Certificate Status is set to This certificate is OK, the CA root certificate is present in the Windows certificate store and does not need to be imported. Proceed to step 11.

  4. Copy the CA root certificate to a location on this computer.
  5. Open this certificate, and click the General tab. Click the Install Certificate button.
  6. Once the Certificate Import Wizard opens to the Welcome panel, select Local Machine and click Next.
  7. In the Certificate Store panel, choose the Place all certificates in the following store option.
  8. Click the Browse button. On the Select Certificate Store dialog box, select Trusted Root Certification Authorities and click Ok.
  9. In the Certificate Store panel, click Next.
  10. Click Finish.
  11. Repeat steps 1 through 11 for each GIS server in your site.
  12. Restart each GIS server in your site.

Access your site

With HTTPS enabled by default, ArcGIS Server listens on port 6443 for requests. Use the URLs below to securely access ArcGIS Server:

ArcGIS Server Manager

https://gisserver.domain.com:6443/arcgis/manager

ArcGIS Server Services Directory

https://gisserver.domain.com:6443/arcgis/rest/services

Note:

If you rename ArcGIS Server, you can continue to access ArcGIS Server using HTTPS; however, you must generate a new certificate and configure ArcGIS Server to use it.