We are using ArcGIS Enterprise in an environment with an outbound HTTPS proxy that performs SSL interception. While accessing HTTPS resources (such as https://downloads.arcgis.com) from a browser or using curl with our proxy CA installed works as expected, the ArcGIS Patch Notification Tool fails to connect, suggesting a trust or SSL handshake failure.
Loading the Root CA cert into Portal, and Server didn't seem to work. Which kind of makes sense - I doubt the patchnofitication tool actually goes to cehck the Portal cert store - I would imagine it is a stand alon application.
Investigation shows that loading the proxy CA into the java keystore (which has the default jks password):
<ArcGISInstall>\framework\runtime\jre\lib\security\cacerts
Allows connection to the proxy, and download of patches.
My problem is: is this a documented and supported solution.
