How many SSL certificates does ArcGIS Server need?

FilipKrál · ‎01-30-2015

Hi, I would appreciate if somebody could clarify how many SSL certificates I need in the following setup.

Windows server with IIS7+ with ArcGIS for Server 10.2.2 and WebAdaptor configured.

Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server? Therefore, I need one CA-signed certificate for ArcGIS Server and if I am going to host some secure web application on the same machine I need another CA-signed certificate for IIS right? The ArcGIS Server services should be available to client applications hosted on other servers too and therefore both my certificates need to be CA-signed. WebAdaptor does not need any certificate.

Is that correct?

Filip.

RandallWilliams · ‎01-30-2015

Hi Filip,

1. Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server?

A. Correct

Personally, here's what I'd do, especially if I'm hosting the web server (IIS) and ArcGIS Server on the same machine:

a. Use new self signed certificate created via the Admin API with a CN that matches the machine's FQDN

b. Configure IIS with a CA signed certificate

c. Connect the web adaptor to the GIS Server (port 6443)

d. Deploy the web apps on the same server.

This way both the web adaptor and applications are both behind a single SSL certificate. At this point, you just provide users with the URL to the web adaptor. I prefer not to expose ArcGIS Server to users on ports 6080 or 6443, so even if I chose NOT to deploy a web adaptor I would still follow this same workflow, but configuring IIS as a reverse proxy to expose the GIS Server to the public.

FilipKrál · ‎02-05-2015

Hi Randal, do you think the approach you outlined above (CA signed certificate for IIS and self signed certificate for ArcGIS while connecting web adaptor to ArcGIS on 6443) would work for applications hosted on other servers too? I think it should work but if you have tried this before maybe you can confirm.

Many thanks,

Filip.

RandallWilliams · ‎02-05-2015

I *absolutely* know it will work - I only suggested deploying apps on the same web server instance to save a little money on the certificates.

You'd want a certificate for that application server so that you don't get mixed content messages in the browser, but as long as the solution uses SSL all the way through from end to end, you'll be golden.

BillDoerflein · ‎03-15-2018

I believe that we are having the same issue. We just recently upgraded to ArcGIS server 10.5.1 along with WebPortal and Portal for Server. We have our map created that we want to share but when I try to share the map or use the link on any workstation it's asking for a username and password. We were told to contact our IT department for help with a certificate to access the server and share the map to the public world. I'd like to think this is pretty much the same issue as above.

DavidArenas_Serrano · ‎01-10-2019

If the message given by your map is similar to this:

Yo need to change the share property of your map to public.