Patchnotification tool unable to connect to proxy with SSL interception enabled

ar_tw · ‎06-03-2025

We are using ArcGIS Enterprise in an environment with an outbound HTTPS proxy that performs SSL interception. While accessing HTTPS resources (such as https://downloads.arcgis.com) from a browser or using curl with our proxy CA installed works as expected, the ArcGIS Patch Notification Tool fails to connect, suggesting a trust or SSL handshake failure.

Loading the Root CA cert into Portal, and Server didn't seem to work. Which kind of makes sense - I doubt the patchnofitication tool actually goes to cehck the Portal cert store - I would imagine it is a stand alon application.

Investigation shows that loading the proxy CA into the java keystore (which has the default jks password):

<ArcGISInstall>\framework\runtime\jre\lib\security\cacerts

Allows connection to the proxy, and download of patches.

My problem is: is this a documented and supported solution.

Priya97317 · ‎06-11-2025

Hi @ar_tw

If you don't have internet access in ArcGIS Enterprise machine. You can configure proxy setting in patch notification tool

ar_tw · ‎06-12-2025

Yes, but for it to accept my proxy, I need to manually load the Root CA into <ArcGISInstall>\framework\runtime\jre\lib\security\cacerts

And this isn't documented or supported as far as I can tell - and as advised by Esri Support