Portal Certificate Problem

MatsHardy · ‎01-31-2018

I have a Portal server and replaced the default SSL certificate by the IIS certificate, but then I cannot access the Portal admin functions. I found the following rows in Portal log,

<Msg time="2018-01-31T12:45:25,580" type="SEVERE" code="218010" source="Portal Admin" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">入口網站已初始化和配置，但無法存取。內部入口網站資料庫似未執行或接受連線。請重新啟動入口網站電腦，若持續發生問題，請聯絡 Esri 技術支援 (美國) 或您的經銷商 (美國境外客戶)。</Msg>
<Msg time="2018-01-31T12:45:25,580" type="WARNING" code="218012" source="Portal Admin" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">檢查和更新 URL 時發生錯誤。入口網站目前無法使用。請聯絡您的入口網站管理員。</Msg>
<Msg time="2018-01-31T12:45:29,561" type="WARNING" code="217014" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">URL 更新程式上發生錯誤。 C:\Program Files\ArcGIS\Portal\apps\GeoList\index.html</Msg>
<Msg time="2018-01-31T12:45:50,952" type="WARNING" code="218014" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">正在啟動索引服務。</Msg>
<Msg time="2018-01-31T12:46:31,234" type="WARNING" code="218015" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">已啟動索引服務。</Msg>
<Msg time="2018-01-31T12:46:47,363" type="WARNING" code="217060" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">資料庫伺服器發現已停止。正在重新啟動它。</Msg>
<Msg time="2018-01-31T12:46:58,729" type="WARNING" code="217064" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">Web 伺服器發現已停止。正在重新啟動它。</Msg>
<Msg time="2018-01-31T17:25:11,218" type="WARNING" code="217064" source="Portal" process="1720" thread="1" methodName="" machine="xxx" user="" elapsed="">Web 伺服器發現已停止。正在重新啟動它。</Msg>
<Msg time="2018-01-31T17:29:06,115" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:29:15,308" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:29:28,917" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:29:34,790" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:30:03,892" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:30:08,739" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:32:51,737" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:41:44,410" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:48:36,202" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:49:11,496" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>
<Msg time="2018-01-31T17:49:51,833" type="WARNING" code="219999" source="Portal Admin" process="4024" thread="14" methodName="" machine="xxx" user="" elapsed=""> Failed to generate a token for user 'admin'. javax.net.ssl.SSLException: hostname in certificate didn't match: <xxx> != <xxx.yyy.com></Msg>

It seems that the hostname of the IIS certificate does not match the Portal hostname. But now I cannot access any admin functions, how I restore the certificate to default one? Many Thanks.

JoeHershman · ‎01-31-2018

Common problems and solutions—Portal for ArcGIS (10.6) | ArcGIS Enterprise

Thanks,
-Joe

MatsHardy · ‎02-01-2018

Thanks a lot, the solution works, I just need to modify server.xml.

JonathanQuinn · ‎01-31-2018

If your certificate in IIS is a domain or CA signed certificate, and that's the reason you want to use it in Portal, you can add a SAN to the certificate and set the SAN to your portal's hostname. Then, reimport your certificate to use for 7443.