When you create your ArcGIS Server site, a self-signed certificate is automatically created for each server machine that participates in your site. This tutorial shows you how you can configure ArcGIS Server using the default self-signed certificate. By default, ArcGIS Server will use this self-signed certificate for HTTPS requests.
In rare cases, the self-signed certificate for ArcGIS Server may no longer be valid, usually because the certificate has expired or the host name of the machine was changed. In these cases, you will need to generate a new self-signed certificate. For full instructions, see Create a new self-signed certificate.
If you want to view the default self-signed certificate, you can do so by following the instructions below:
- Log in to the ArcGIS Server Administrator Directory at https://gisserver.domain.com:6443/arcgis/admin.
- Browse to machines > [machine name] > sslcertificates > selfsignedcertificate.
Access your site
With HTTPS enabled by default, ArcGIS Server listens on port 6443 for requests. Use the URLs below to securely access ArcGIS Server:
ArcGIS Server Manager
ArcGIS Server Services Directory
If you rename ArcGIS Server, you can continue to access ArcGIS Server using HTTPS; however, you must generate a new certificate and configure ArcGIS Server to use it.
Import the certificate into the OS certificate store
For ArcGIS services, such as the PrintingTools service, to work with ArcGIS Server, the server's certificate must be installed as a trusted certificate:
- Log in to the ArcGIS Server Administrator Directory.
- Browse to machines > [machine name] > sslcertificates.
- Click the certificate being used by ArcGIS Server and click export. Save the file to the location where CA root certificates are stored on your computer.
- On the machine hosting ArcGIS Server, open the init_user_param.sh script in a text editor by browsing to the <ArcGIS Server installation directory>/arcgis/server/usr directory.
- Locate the line export CA_ROOT_CERTIFICATE_DIR=<Location_to_CA_Root_Certificate> and specify a location where all CA root certificates are stored on the system. Note that the specified directory needs to be accessible by the account that was used to install ArcGIS Server. You'll need to uncomment the lines by removing the pound sign (#) characters.
- Save and close the init_user_param.sh script.
- Restart ArcGIS Server. You can do this by running the startserver.sh script on each GIS server in your site.
- Repeat the above steps for each GIS server in your site.