Community

ArcGIS Pro/Portal Security Alert - Certificate does not match the name of site you are trying to view

8157
5
Jump to solution
09-08-2020 11:36 AM
GeoffreyWest4
by
Emerging Contributor
‎09-08-2020 11:36 AM

I am connecting to a Portal with ArcGIS Pro and am receiving the alert below.  I am able to access Portal with the cert appearing as valid and the site is trusted.  I have added the intermediate, root, and private key certs to portaladmin.  The only thing that seems to be a bit different than previous configs is that the certificate store is in WebHosting versus personal.  Does this matter?  How do I resolve the security alert in Pro with my portal URL.  I am using a wildcard cert.  This an ArcGIS Enterprise 10.8.1 Base Deployment as well.  

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎09-08-2020 02:07 PM

You could try to run Fiddler when starting Pro to see where the request is going. If the domain of any of the URLs being accessed does not match your certificate, that may explain the popup especially considering it's stating that the certificate does not match the name of the site.

View solution in original post

5 Replies
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎09-08-2020 01:53 PM

ArcGIS Pro is likely complaining about the certificate used for the Admin URL of the deployment. If you looked at the certificate, (clicking on the View Certificate button), is the CN the wildcard, or the FQDN of the machine? If it's the FQDN of the machine, you can do two things:

1) Import the certificate into the Trusted Root Certificate Authority store on any machine that will be connecting to the deployment

2) Import a new certificate to use for ArcGIS Server's web server

    Configure ArcGIS Server with an existing CA-signed certificate—ArcGIS Server | Documentation for Arc... 

Going through the first suggestion is a bit burdensome because you need to do that on any machine running ArcGIS Pro. Going through the second suggestion is a better option because as long as the client machine trusts that signed certificate, you won't see the popup.

0 Kudos
GeoffreyWest4
by
Emerging Contributor
‎09-08-2020 01:59 PM

Thanks Jon, 

The CN is the wildcard.  Do you know how I can resolve it with this being the case?

0 Kudos
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎09-08-2020 02:07 PM

You could try to run Fiddler when starting Pro to see where the request is going. If the domain of any of the URLs being accessed does not match your certificate, that may explain the popup especially considering it's stating that the certificate does not match the name of the site.

GeoffreyWest4
by
Emerging Contributor
‎09-08-2020 02:15 PM

Good call Jon - 

That was the issue - when authenicating a request was made to *.ssp.com instead of *sspinnovations.com.

0 Kudos
JeffGarland
by
Emerging Contributor
‎07-23-2021 11:48 AM

Same issue w/ wildcard as the CN and added detail of being an external cert. External cert FQDN is different from local AD domain.  Thus cert is *.externaldomain.com, FQDN is box.externaldomain.com while FQDN for server PC is box.internaldomain.local.  (Use of CName in the DNS directs the external FQDN to local FQDN.  Utilize  WebContextURL property on Server to facilitate.) 

Did the client PC step above. No fix. 

 Fiddler shows initially hitting the external FQDN via the HTTP port 443, then querying for download.esri.com, then esrisoftware.esri.com, then it queries for the local AD domain FQDN and fails.  

Workaround is to set AGOL portal as the active, but would like to fix if possible.

0 Kudos