
CA Certificate - Web Server Machine Certificate or Server Machine Certificate?

by lmr880 (Emerging Contributor), Friday

Hello,

I was wondering if the CA Certificate linked with the ArcGIS Server https://myserver.domain.com:6443/arcgis/rest should be issued to the web server/web adaptor machine or be issued to the ArcGIS Server machine name?

Name of CA Cert issued to Server Machine is = Myserver

Name of CA Cert issued to Webserver/Web Adaptor Machine is = Webservername

Also, would the same scenario apply to Portal?

This will eventually be part of a Portal HA environment.

0 Kudos
2 Replies
JoshuaBixby
MVP Esteemed Contributor

I must admit I don't think I completely understand the question. If users are going to be connecting directly to an ArcGIS Server machine via port 6443, then the certificate would need to be for and installed on the ArcGIS Server machine and not the Web Adaptor. That said, in most deployments users connect to Web Adaptors and not directly to ArcGIS Server machines, so it is usually the Web Adaptors where the certificates matter. There are organizations with IT security shops that don't support any self-signed certificates, but generally the backend or private components can operate with self-signed certificates while the public-facing components have organization or public certificates.

0 Kudos
HenryLindemann
Esri Contributor

Hi @lmr880, you can deploy the CA certificate to the backend server running on 6443, 7443, etc. For the backend you would need to generate the certificate on the machine name, e.g. the backend DNS.

https://backend.dns.com:6443/arcgis - CA certificate on backend name, loaded into ArcGIS Server/Portal admin
https://frontend.dns.com/server - public certificate loaded in the web server using the "friendly DNS"

This applies for Portal and Server, Data Store, etc.

For the frontend you need to consider if you are public facing or not. If you are public facing then you need a public certificate; otherwise you can use a CA.

Hope this clears it up.
Regards
Henry

0 Kudos
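The naming question in this thread comes down to whether a DNS name in the certificate matches the host in the URL clients actually use. The check below is an added example, not code from the posters or from Esri; it assumes a certificate dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the SAN lists are constructed sample data (only the URLs come from the thread).

```python
from urllib.parse import urlsplit


def dns_names(cert):
    """DNS subjectAltName entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Compare one SAN entry to a host name, case-insensitively.

    A '*' is honoured only as the whole left-most label and covers exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def cert_covers_url(cert, url):
    """True if any DNS SAN in the certificate matches the host clients connect to."""
    host = urlsplit(url).hostname
    return any(name_matches(name, host) for name in dns_names(cert))


# URLs as written in the thread.
BACKEND_URL = "https://myserver.domain.com:6443/arcgis/rest"
FRONTEND_URL = "https://frontend.dns.com/server"

# Constructed certificates (assumed SAN contents, for illustration only).
CERTS = {
    "short machine name": {"subjectAltName": (("DNS", "Myserver"),)},
    "backend FQDN": {"subjectAltName": (("DNS", "myserver.domain.com"),)},
    "frontend friendly DNS": {"subjectAltName": (("DNS", "frontend.dns.com"),)},
    "wildcard": {"subjectAltName": (("DNS", "*.domain.com"),)},
}

if __name__ == "__main__":
    for label, cert in CERTS.items():
        for url in (BACKEND_URL, FRONTEND_URL):
            verdict = "match" if cert_covers_url(cert, url) else "MISMATCH"
            print(f"{label:22} {url:46} {verdict}")
```

A certificate naming only the short machine name does not cover the fully qualified URL on port 6443, and a frontend certificate does not cover the backend name.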