ArcGIS Pro/Portal Security Alert - Certificate does not match the name of site you are trying to view

8160
5
Jump to solution
09-08-2020 11:36 AM
GeoffreyWest4
Emerging Contributor

I am connecting to a Portal with ArcGIS Pro and am receiving the alert below.  I am able to access Portal with the cert appearing as valid and the site is trusted.  I have added the intermediate, root, and private key certs to portaladmin.  The only thing that seems to be a bit different than previous configs is that the certificate store is in WebHosting versus personal.  Does this matter?  How do I resolve the security alert in Pro with my portal URL.  I am using a wildcard cert.  This an ArcGIS Enterprise 10.8.1 Base Deployment as well.  

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

You could try to run Fiddler when starting Pro to see where the request is going. If the domain of any of the URLs being accessed does not match your certificate, that may explain the popup especially considering it's stating that the certificate does not match the name of the site.

View solution in original post

5 Replies
JonathanQuinn
Esri Notable Contributor

ArcGIS Pro is likely complaining about the certificate used for the Admin URL of the deployment. If you looked at the certificate, (clicking on the View Certificate button), is the CN the wildcard, or the FQDN of the machine? If it's the FQDN of the machine, you can do two things:

1) Import the certificate into the Trusted Root Certificate Authority store on any machine that will be connecting to the deployment

2) Import a new certificate to use for ArcGIS Server's web server

    Configure ArcGIS Server with an existing CA-signed certificate—ArcGIS Server | Documentation for Arc... 

Going through the first suggestion is a bit burdensome because you need to do that on any machine running ArcGIS Pro. Going through the second suggestion is a better option because as long as the client machine trusts that signed certificate, you won't see the popup.

0 Kudos
GeoffreyWest4
Emerging Contributor

Thanks Jon, 

The CN is the wildcard.  Do you know how I can resolve it with this being the case?

0 Kudos
JonathanQuinn
Esri Notable Contributor

You could try to run Fiddler when starting Pro to see where the request is going. If the domain of any of the URLs being accessed does not match your certificate, that may explain the popup especially considering it's stating that the certificate does not match the name of the site.

GeoffreyWest4
Emerging Contributor

Good call Jon - 

That was the issue - when authenicating a request was made to *.ssp.com instead of *sspinnovations.com.

0 Kudos
JeffGarland
Emerging Contributor

Same issue w/ wildcard as the CN and added detail of being an external cert. External cert FQDN is different from local AD domain.  Thus cert is *.externaldomain.com, FQDN is box.externaldomain.com while FQDN for server PC is box.internaldomain.local.  (Use of CName in the DNS directs the external FQDN to local FQDN.  Utilize  WebContextURL property on Server to facilitate.) 

Did the client PC step above. No fix. 

 Fiddler shows initially hitting the external FQDN via the HTTP port 443, then querying for download.esri.com, then esrisoftware.esri.com, then it queries for the local AD domain FQDN and fails.  

Workaround is to set AGOL portal as the active, but would like to fix if possible.

0 Kudos