Installing SSL Certificate

NathanHeickLACSD · ‎02-08-2024

When you install an SSL certificate in ArcGIS Server, Portal, or the Data Store, should you delete the self-signed certificate when you are done?

MarceloMarques · ‎02-08-2024

No, you shall not delete the self-signed certificate.

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |

View solution in original post

MarceloMarques · ‎02-08-2024

No, you shall not delete the self-signed certificate.

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |

MingLee · ‎02-09-2024

No!

Don't delete it.

YuvarajS · ‎02-09-2024

Don't Delete

GraceSmith99 · ‎02-18-2024

Yes, it is recommended to delete the self-signed certificate after installing an SSL certificate in ArcGIS Server, Portal, or the Data Store. The self-signed certificate is typically used for initial setup or testing purposes. Once a valid SSL certificate is installed, it enhances security and authenticity. Deleting the self-signed certificate helps ensure that the system relies on the newly installed, trusted certificate for secure communication.

JoshuaBixby · ‎02-19-2024

@GraceSmith99, seeing the consensus is not to delete it, can you provide references to documentation that recommend deleting it?

CharmiPatel21 · ‎03-07-2024

Yes, it's generally a good practice to remove the self-signed certificate after installing a trusted SSL certificate in ArcGIS Server, Portal, or the Data Store. This helps ensure that the system uses the newly installed, trusted certificate for secure communications. Removing the self-signed certificate can prevent potential confusion and ensures that the system relies exclusively on the custom SSL certificate for secure connections. Always make sure to back up any certificates before removal in case they are needed for future reference or troubleshooting.

JoshuaBixby · ‎03-08-2024

@CharmiPatel21, welcome to Esri Community. Esri Community is a great resource for Esri users to learn about ArcGIS products, and what helps users learn is providing documentation or references to documentation when talking about good, bad, or any time of practices.

The certificate that ArcGIS Server, Portal, etc... use is explicitly specified as a machine-level setting (webServerCertificateAlias) in Edit Machine—ArcGIS REST APIs | ArcGIS Developers. Whether there is 1 certificate, 2 certificates, or 10 certificates on the machine; it is only the one specified in the property that is used by ArcGIS so leaving the original self-signed certificate does not create any risk of confusion for the software.

NathanHeickLACSD · ‎03-08-2024

I left the SSL certificate in place with no problem. What I'm interested in knowing is if the server will use the self-signed certificate if the CA certificate expires.

JoshuaBixby · ‎03-08-2024

I can't say I have seen documentation specifically addressing that question, but I have never seen ArcGIS Server change a certificate on its own, i.e., I have always seen it stick with the expired certificate if that is the certificate it is told to use.