Can anyone help with installing SSL certificate on Server on AWS (Windows)?

382
4
01-20-2020 01:27 PM
Highlighted
Occasional Contributor II

**I am not an IT Person**

We had to do disaster recovery on our arcGIS server and it seems we no longer have the SSL certificate, so none of our services are HTTPS, meaning nothing loads in arcGIS online or websites or anything because everything reverts to https.

I need help installing an SSL certificate on my AWS Cloud instance running arcGIS for Server.

We purchased the domain on AWS via route 53.

There's a certificate in the certificate manager, it is issued.

There are elastic load balancer settings - not sure what this does.

There's web adaptor installed.

I called ESRI technical support and they said I need a pfx file to change the settings correctly in IIS on my server instance, but I can't find this pfx file or how to export it from AWS.

Does anyone know what I am talking about? help would be greatly appreciated!

Tags (2)
Reply
0 Kudos
4 Replies
Highlighted
Esri Contributor

Hello Aurelie Shapiro

I've linked documentation below which goes through the process of configuring a new or existing CA-singed certificate with ArcGIS Server. To export the certificate as a .PFX file you'll need to "export the private key". You will then also need to secure the certificate with a password. Depending on how the certificate was created you may have this options through IIS.

  • IIS > "Web Sever Name" > Server Certificates

ArcGIS Server - Configure ArcGIS Server with a new CA-signed certificate

ArcGIS Server - Configure ArcGIS Server with an existing CA-signed certificate

If you want to update your bindings (e.g. 443) you can also do that through IIS.

 IIS > "Web Sever Name" > Default Web Site > Actions > Bindings

I hope this helps!

Thanks,

Thomas.

Highlighted
Occasional Contributor II

Thank you that was very helpful!


In addition I needed to connect the right SSL certificate in the Load Balancer on Amazon. Learn something new every day!

Highlighted
Occasional Contributor

@TJones-esristaff - most of the times CA signed certificates returned from authorities do not have option to export with private key. What should we do in this situation?

Reply
0 Kudos
Highlighted
New Contributor III

When we can't generate a private key, it typically means we aren't on the same system that generated the CSR in which the certificate was built off of.  This article might provide some insight: Using Microsoft IIS to generate CSR and Private Key - Druva Documentation.  If you remember which system generated your CSR, you can try to import the certificate onto that system and then export with the privacy key as well.