https://community.esri.com/t5/arcgis-enterprise-questions/idea-add-native-automated-certificate-management-e/m-p/1686845#M43833 <DIV class=""><SPAN class="">Hi Everyone,</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">With the upcoming industry-wide changes to public TLS certificate lifetimes, I wanted to propose an enhancement for ArcGIS Enterprise and see how the rest of the community is planning to handle this.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>The Upcoming Challenge:</STRONG>&nbsp;T<SPAN class="">he maximum lifetime for public TLS certificates is rapidly accelerating toward much shorter durations.&nbsp;</SPAN><SPAN class="">According to recent announcements:</SPAN></DIV><DIV class="">&nbsp;</DIV><UL class=""><LI><STRONG>March 15, 2026:</STRONG><SPAN class=""> Maximum lifetime reduces to 200 days</SPAN></LI><LI><STRONG>March 15, 2027:</STRONG><SPAN class=""> Maximum lifetime reduces to 100 days</SPAN></LI><LI><STRONG>March 15, 2029:</STRONG><SPAN class=""> Maximum lifetime reduces to just 47 days</SPAN></LI></UL><P><SPAN class=""><STRONG>Reference Link</STRONG> -&nbsp;</SPAN><A title="https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days" href="https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days" target="_blank" rel="noopener noreferrer">TLS Certificate Lifetimes Will Officially Reduce to 47 Days | DigiCert</A></P><DIV class=""><DIV class="">&nbsp;</DIV></DIV><DIV class=""><STRONG>The Impact on ArcGIS Enterprise:</STRONG> <SPAN class="">Currently, updating certificates in ArcGIS Enterprise (such as the IIS Web Adaptor and the Portal/Server Admin Web Servers) requires significant manual intervention.</SPAN><SPAN class="">&nbsp;If you are using an existing CA-signed certificate, the current workflow requires administrators to log into the Administrator Directory, manually import the .p12 or .pfx file, update the web server SSL certificate property, and restart the ArcGIS Server site. </SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">Crucially</SPAN><SPAN class="">, if you have a multiple-machine deployment, these manual steps must be repeated for </SPAN><I>each</I><SPAN class=""> GIS server in the deployment.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">By 2029, we will be forced to perform these manual certificate updates and service restarts every 47 days. While</SPAN><SPAN class="">&nbsp;public Application Load Balancers (ALBs) and Gateways can leverage protocols like ACME for automatic updates, ArcGIS Enterprise currently lacks an equivalent built-in automation for its internal web server components. This</SPAN><SPAN class="">&nbsp;frequency will introduce severe manual overhead and significantly increase the risk of operational downtime if a certificate update is missed.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>The Proposed Enhancement:</STRONG> <SPAN class="">We are requesting that Esri introduce automated certificate lifecycle management (such as native ACME protocol support) directly into ArcGIS Enterprise.</SPAN></DIV><DIV class=""><SPAN class="">This built-in automation would allow ArcGIS Server and Portal to automatically fetch, bind, and apply renewed certificates seamlessly, entirely removing the need for manual administrative overhead and manual service restarts.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>Community Question:</STRONG> <SPAN class="">Is anyone else looking at this 47-day timeline and worrying about the manual overhead? Are you currently building your own custom automation to handle this</SPAN><SPAN class="">?</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">If you agree that Esri should provide a native, out-of-the-box solution to automatically manage these certificates, </SPAN><STRONG>please give this post a Kudos / Upvote!</STRONG></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">Thanks!</SPAN></DIV><DIV class=""><SPAN class="">Ayush</SPAN></DIV> Thu, 26 Feb 2026 10:54:03 GMT AYUSHYADAV 2026-02-26T10:54:03Z https://community.esri.com/t5/arcgis-enterprise-questions/idea-add-native-automated-certificate-management-e/m-p/1686845#M43833 <DIV class=""><SPAN class="">Hi Everyone,</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">With the upcoming industry-wide changes to public TLS certificate lifetimes, I wanted to propose an enhancement for ArcGIS Enterprise and see how the rest of the community is planning to handle this.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>The Upcoming Challenge:</STRONG>&nbsp;T<SPAN class="">he maximum lifetime for public TLS certificates is rapidly accelerating toward much shorter durations.&nbsp;</SPAN><SPAN class="">According to recent announcements:</SPAN></DIV><DIV class="">&nbsp;</DIV><UL class=""><LI><STRONG>March 15, 2026:</STRONG><SPAN class=""> Maximum lifetime reduces to 200 days</SPAN></LI><LI><STRONG>March 15, 2027:</STRONG><SPAN class=""> Maximum lifetime reduces to 100 days</SPAN></LI><LI><STRONG>March 15, 2029:</STRONG><SPAN class=""> Maximum lifetime reduces to just 47 days</SPAN></LI></UL><P><SPAN class=""><STRONG>Reference Link</STRONG> -&nbsp;</SPAN><A title="https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days" href="https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days" target="_blank" rel="noopener noreferrer">TLS Certificate Lifetimes Will Officially Reduce to 47 Days | DigiCert</A></P><DIV class=""><DIV class="">&nbsp;</DIV></DIV><DIV class=""><STRONG>The Impact on ArcGIS Enterprise:</STRONG> <SPAN class="">Currently, updating certificates in ArcGIS Enterprise (such as the IIS Web Adaptor and the Portal/Server Admin Web Servers) requires significant manual intervention.</SPAN><SPAN class="">&nbsp;If you are using an existing CA-signed certificate, the current workflow requires administrators to log into the Administrator Directory, manually import the .p12 or .pfx file, update the web server SSL certificate property, and restart the ArcGIS Server site. </SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">Crucially</SPAN><SPAN class="">, if you have a multiple-machine deployment, these manual steps must be repeated for </SPAN><I>each</I><SPAN class=""> GIS server in the deployment.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">By 2029, we will be forced to perform these manual certificate updates and service restarts every 47 days. While</SPAN><SPAN class="">&nbsp;public Application Load Balancers (ALBs) and Gateways can leverage protocols like ACME for automatic updates, ArcGIS Enterprise currently lacks an equivalent built-in automation for its internal web server components. This</SPAN><SPAN class="">&nbsp;frequency will introduce severe manual overhead and significantly increase the risk of operational downtime if a certificate update is missed.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>The Proposed Enhancement:</STRONG> <SPAN class="">We are requesting that Esri introduce automated certificate lifecycle management (such as native ACME protocol support) directly into ArcGIS Enterprise.</SPAN></DIV><DIV class=""><SPAN class="">This built-in automation would allow ArcGIS Server and Portal to automatically fetch, bind, and apply renewed certificates seamlessly, entirely removing the need for manual administrative overhead and manual service restarts.</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><STRONG>Community Question:</STRONG> <SPAN class="">Is anyone else looking at this 47-day timeline and worrying about the manual overhead? Are you currently building your own custom automation to handle this</SPAN><SPAN class="">?</SPAN></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">If you agree that Esri should provide a native, out-of-the-box solution to automatically manage these certificates, </SPAN><STRONG>please give this post a Kudos / Upvote!</STRONG></DIV><DIV class="">&nbsp;</DIV><DIV class=""><SPAN class="">Thanks!</SPAN></DIV><DIV class=""><SPAN class="">Ayush</SPAN></DIV> Thu, 26 Feb 2026 10:54:03 GMT https://community.esri.com/t5/arcgis-enterprise-questions/idea-add-native-automated-certificate-management-e/m-p/1686845#M43833 AYUSHYADAV 2026-02-26T10:54:03Z https://community.esri.com/t5/arcgis-enterprise-questions/idea-add-native-automated-certificate-management-e/m-p/1690272#M43913 <P>Hi&nbsp;<a href="https://community.esri.com/t5/user/viewprofilepage/user-id/110315">@AYUSHYADAV</a>,</P><P>Ideas should be posted on the ArcGIS Enterprise Ideas channel&nbsp;<A href="https://community.esri.com/t5/arcgis-enterprise-ideas/idb-p/arcgis-enterprise-ideas" target="_blank">ArcGIS Enterprise Ideas - Esri Community</A></P><P>Regards,</P><P>Glen</P> Thu, 12 Mar 2026 17:03:56 GMT https://community.esri.com/t5/arcgis-enterprise-questions/idea-add-native-automated-certificate-management-e/m-p/1690272#M43913 GlenterpriseUK 2026-03-12T17:03:56Z