To build full trust within your environment, all of your machines need to trust each other. This is especially important when Portal, Server, Data Store and Web Adaptor are all on different machines, because in most environments communication is terminated when trust is invalid, which is caused by invalid certificates.
This blog will be short, sweet and to the point.
You will need the following to put inside the Portal and Server SSL certificate store if -->
You have an external environment:
You have an internal environment:
Then import each certificate into the Server/Portal internal web server through the admin endpoint, in this order: first both the Public CA and Domain CA root certificates, then all the Public CA and Domain CA intermediate certificates, then the Domain CA pfx certificate for that specific machine. The machine's pfx certificate is what provides valid certificate trust when accessing Portal/Server through the port (7443/6443).
You can also import the Domain CA certificate into the Data Store; however, most of the time this is not necessary.
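One way to confirm the result after the import, as an added example that is not part of the original post or of Esri's tooling: a TLS handshake against each machine on 7443/6443 that reports whether the presented certificate chains to a trusted CA. The host names and the optional CA bundle path are placeholders you supply.

```python
import socket
import ssl

# Ports named in the post: Portal's internal web server on 7443, Server's on 6443.
PORTS = {"portal": 7443, "server": 6443}


def check_trust(host, port, ca_bundle=None, timeout=5.0):
    """Handshake with host:port; return (status, detail).

    ca_bundle is a PEM file with your root and intermediate CA certificates
    (caller-supplied placeholder); None falls back to the OS trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)  # checks chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "trusted", issuer.get("commonName", "")
    except ssl.SSLCertVerificationError as exc:
        # e.g. a self-signed certificate or a missing intermediate
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


def audit(machines, ca_bundle=None, connect=check_trust):
    """machines: list of (role, host). Returns (role, host, port, status, detail) rows."""
    rows = []
    for role, host in machines:
        port = PORTS[role]
        rows.append((role, host, port) + tuple(connect(host, port, ca_bundle)))
    return rows


def failures(rows):
    """Rows whose certificate trust is not valid."""
    return [row for row in rows if row[3] != "trusted"]


if __name__ == "__main__":
    # Constructed host names; replace with your own machines.
    machines = [("portal", "portal.example.internal"), ("server", "gis.example.internal")]
    for row in audit(machines):
        print(*row)
```

An `untrusted` row showing a self-signed or missing-issuer message means that machine is still presenting a certificate that does not chain to the CA certificates you are verifying against.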
How to import certificates into Portal, Server & Data Store:
Portal --> Import a certificate into the portal—Portal for ArcGIS (10.7 and 10.7.1) | ArcGIS Enterprise
Data Store --> Replace ArcGIS Data Store SSL certificate—Portal for ArcGIS (10.7 and 10.7.1) | ArcGIS Enterprise
A little bit about why this is important:
Security best practices—Portal for ArcGIS (10.7 and 10.7.1) | ArcGIS Enterprise
Directly from the above documentation -->
"Like ArcGIS Server, the ArcGIS Enterprise portal also comes with a preconfigured self-signed certificate. If you'll be federating your site with a portal, you should request a certificate from a trusted CA and configure the portal to use it.
Configuring a certificate from a trusted authority is a secure practice for web-based systems and will also prevent users from encountering any browser warnings or other unexpected behavior. If you choose to use the self-signed certificate included with ArcGIS Server and the ArcGIS Enterprise portal during testing, you will experience the following:
The above list of issues you will experience when using a self-signed certificate is not exhaustive. It's imperative that you use a CA-signed certificate to fully test and deploy your portal."