When you install an SSL certificate in ArcGIS Server, Portal, or the Data Store, should you delete the self-signed certificate when you are done?
No, you shall not delete the self-signed certificate.
No!
Don't delete it.
Don't Delete
Yes, it is recommended to delete the self-signed certificate after installing an SSL certificate in ArcGIS Server, Portal, or the Data Store. The self-signed certificate is typically used for initial setup or testing purposes. Once a valid SSL certificate is installed, it enhances security and authenticity. Deleting the self-signed certificate helps ensure that the system relies on the newly installed, trusted certificate for secure communication.
@GraceSmith99, seeing the consensus is not to delete it, can you provide references to documentation that recommend deleting it?
Yes, it's generally a good practice to remove the self-signed certificate after installing a trusted SSL certificate in ArcGIS Server, Portal, or the Data Store. This helps ensure that the system uses the newly installed, trusted certificate for secure communications. Removing the self-signed certificate can prevent potential confusion and ensures that the system relies exclusively on the custom SSL certificate for secure connections. Always make sure to back up any certificates before removal in case they are needed for future reference or troubleshooting.
@CharmiPatel21, welcome to Esri Community. Esri Community is a great resource for Esri users to learn about ArcGIS products, and what helps users learn is providing documentation or references to documentation when talking about good, bad, or any type of practices.
The certificate that ArcGIS Server, Portal, etc. use is explicitly specified as a machine-level setting (webServerCertificateAlias) in Edit Machine—ArcGIS REST APIs | ArcGIS Developers. Whether there is 1 certificate, 2 certificates, or 10 certificates on the machine, it is only the one specified in the property that is used by ArcGIS, so leaving the original self-signed certificate does not create any risk of confusion for the software.
I left the SSL certificate in place with no problem. What I'm interested in knowing is if the server will use the self-signed certificate if the CA certificate expires.
I can't say I have seen documentation specifically addressing that question, but I have never seen ArcGIS Server change a certificate on its own, i.e., I have always seen it stick with the expired certificate if that is the certificate it is told to use.
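Added example, not part of the thread and not Esri code: a small audit that follows the behaviour described in the replies above, where only the alias named in `webServerCertificateAlias` is served and an expired certificate stays in use until someone changes the setting. The inventory shape (`subject`, `issuer`, `not_after`), the alias names and the host name are constructed for illustration and are not the Admin API response format.

```python
from datetime import datetime, timedelta, timezone

def audit_machine_cert(machine, inventory, now, warn_days=30):
    """Return (active_alias, findings) for one machine.

    machine   -- dict holding the machine-level 'webServerCertificateAlias'
    inventory -- {alias: {'subject', 'issuer', 'not_after'}} (constructed shape)
    """
    alias = machine.get("webServerCertificateAlias")
    cert = inventory.get(alias)
    if cert is None:
        return alias, ["configured alias not found in keystore"]
    findings = []
    # Self-signed: the certificate names itself as its own issuer.
    if cert["issuer"] == cert["subject"]:
        findings.append("configured certificate is self-signed")
    remaining = cert["not_after"] - now
    if remaining < timedelta(0):
        # No fallback is assumed: the expired certificate is still the one served.
        findings.append("configured certificate expired")
    elif remaining <= timedelta(days=warn_days):
        findings.append(f"configured certificate expires in {remaining.days} days")
    # Other aliases are reported for inventory only; they do not change what is served.
    unused = sorted(a for a in inventory if a != alias)
    if unused:
        findings.append("unused aliases present: " + ", ".join(unused))
    return alias, findings

# Constructed sample data (hypothetical aliases and host name).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INVENTORY = {
    "selfsigned_default": {
        "subject": "CN=gis01.example.internal",
        "issuer": "CN=gis01.example.internal",
        "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc),
    },
    "ca_signed_2023": {
        "subject": "CN=gis01.example.internal",
        "issuer": "CN=Example Issuing CA",
        "not_after": datetime(2024, 5, 1, tzinfo=timezone.utc),
    },
}
MACHINE = {"webServerCertificateAlias": "ca_signed_2023"}

if __name__ == "__main__":
    print(audit_machine_cert(MACHINE, INVENTORY, NOW))
```

Running the same check on a schedule with a larger `warn_days` gives advance notice before the configured certificate lapses.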