When trying to publish a map service using python using the arcpy.mapping.CreateMapSDDraft I'm getting the following pop-up:
gis.mymetcon.com works to access our ArcGIS Server Manager and Admin Site. In our ArcGIS Server Administrator Directory under our machine, there are 3 SSL Certificates (root, selfsignedcertificate, and www.gis.mymetcon.com). I think the mismatch is coming in when I try to publish the service to our domain site (Metconapp.metcon.domain), but it is erroring since the name on the certificate is www.gis.mymetcon.com?
Any ideas on what might be going on? We are using Windows 2012 IIS 8 Server Manager. Our All the certificates seem to be valid and not expired.
Any troubleshooting help is greatly appreciated.
If the URL you use to connect to the Server within the .ags file is metconapp.metcon.domain, but the certificate is set to gis.mymetcon.com, then you'll get that prompt. You can either update the URL to point to gis.mymetcon.com or add metconapp.metcon.domain as a SAN to the certificate. If this is an externally facing site, then anyone can take a look at the certificate information and see the internal machine name of Server, though.
I don't think there's a technical limitation to using local server names, but it may not be best practice depending on how your site is accessed.
Are you on your internal network when attempting to access gis.mymetcon.com? Are you able to reach that URL in a browser? If you can reach it in a browser, you should be able to use it within the arcpy functions. If not, you may have firewall rules that block requests to that endpoint. You may have direct access to the 6443 endpoint of Server, for example https://metconapp.metcon.domain:6443/arcgis. You can try to use that URL instead.
I can reach the https://gis.mymetcon.com outside of the network, but not internally. I can access the https://metconapp.metcon.domain:6443/arcgis internally through a web browser, but when I try to connect to the server using that URL inside of ArcGIS Desktop it shows the certificate error that the names do not match and the certificate it directs to is for www.gis.mymetcon.com.
It sounds like you imported a new certificate for Servers internal web server, (6443):
This is fine to do, but you need to make sure the certificate CN or SAN is set for metconapp.metcon.domain. You can either get a new certificate from your certifying authority, (could be an external or a domain certifying authority), or use the self-signed certificate.
If you want to use the self-signed certificate, you'll need to tell any machines that you're connecting from to trust the certificate: