ArcGIS Enterprise Setup With Local CA and OpenSSL in Azure

288
0
11-10-2020 08:51 AM
kevintientcheu
New Contributor

Hello all, 

I am trying to configure https browsing through WebAdaptor after installing ArcGIS Server 10.8 on a Windows Server 2016 VM in MS Azure. I first created a local CA using OpenSSL as below: 

Create a new Certificate Authority:

1 |  req -x509 -newkey rsa:4096 -days 365 -keyout CA.key -out CAcert.pem

Create a new certificate request:

2 |  req -newkey rsa:4096 -keyout gisserv.key -out gisreq.pem

Sign the certificate request with the Certificate Authority which I created above:

3 |  x509 -req -in gisreq.pem -days 90 -CA CAcert.pem -CAkey CA.key -CAcreateserial -out gisserv-cert.pem -extfile gisext.cnf

Export the Certificate Authority as a PFX file:

4 |  pkcs12 -export -out CAcert.pfx -inkey CA.key -in CAcert.pem

Export the signed certificate as a PFX file:

5 |  pkcs12 -export -out giscert.pfx -inkey gisserv.key -in gisserv-cert.pem

The Common name for both certificates were set to the VM's name the first try and just some random names the second for testing. 

The DNS info for the signed certificate includes: localhost, the VM's name, and an assigned URL address.

Now that I had the two files, I added the CA (CAcert.pfx) to my Windows Server 2016 Trusted Root CAs. I then opened IIS, and in my site I added the signed certificate (giscert.pfx). I went and set the https binding on port 443 to use the signed certificate.

When I click to browse 443 from the arcgis app in IIS, I get the following error:

 NET::ERR_CERT_COMMON_NAME_INVALID

What am I missing?

0 Kudos
0 Replies