Portal Web Adaptor - You must bind your security certificate to port 443

09-16-2020 02:02 PM
BenRomlein
Occasional Contributor

Running RHEL 7.7, Apache HTTPD 2.4.6-09, Tomcat 7.0.94, ArcGIS Webadaptor 10.81, and ArcGIS Portal 10.81

I'm trying to set up Webadaptor for portal, but I'm getting the above configuration prerequisite error: You must bind your security certificate to port 443 on your web site before you can configure the Web Adaptor with Portal for ArcGIS.

I don't know why I'm getting this error. I have an ssl certificate configured and installed for httpd, and a working webadaptor installed for ArcGIS Server. I'm using a proxy in httpd to forward the traffic to 443 that works for server but not portal:

 ProxyPass /portal https://localhost:8443/portal
 ProxyPassReverse /portal https://localhost:8443/portal
 ProxyPass /arcgis https://localhost:8443/arcgis
 ProxyPassReverse /arcgis https://localhost:8443/arcgis

I ran the setup script for web adaptor twice, installing it in two different directories, and copied each .war file to my webapps folder in Tomcat, one named arcgis.war (for Server) and one named portal.war (for Portal), then ran Tomcat with startup.sh.

I've tried using the iptables solution suggested here (Web Adaptor for Portal), but after running the command, I'm still not able to configure Webadaptor. When I check, the rule isn't showing up in my iptables list:

 sudo iptables -S

Is there another way to set up the iptables rule or some other way to satisfy this requirement?

Randall Williams ?


EDIT: Using the above iptables rules, I am able to configure Web Adaptor locally (from a browser run on the server machine itself) and to access Portal via the Web Adaptor url (https://my.domain/portal/home) afterwards. But trying to access that url from another machine, I get a timeout error.

EDIT: I tried a fresh install of web adaptor, and following the instructions here (Use nondefault ports for the portal's ArcGIS Web Adaptor—Portal for ArcGIS | Documentation for ArcGI...), I was able to configure it (however, this required running Tomcat as root since it has to write and read its config file from /root/... I don't want to do this outside proof-of-concept testing). Afterward, requests to https://my.domain/portal would redirect to https://my.domain:8443/portal/home and fail (since that port isn't open). I went in through the direct connection (:7443) and updated the WebContextURL (per Configure your portal to use a reverse proxy server—Portal for ArcGIS | Documentation for ArcGIS Ent...) but still had the same issue (URLs redirected). Any other ideas for getting this working?


Accepted Solutions
BenRomlein
Occasional Contributor

Got this solved by implementing the port forward through firewalld:

# firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443

I also had to implement a local rule since web adaptor wants to be configured only from localhost (and firewalld doesn't appear to apply public rules to the local interface):

#  firewall-cmd --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443
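
A check for the setup in the accepted solution, as an added example that is not part of the original post: it confirms that both the 443 to 8443 forward and the loopback redirect are present, in the runtime configuration and in the permanent one (a `firewall-cmd` change made without `--permanent` affects only the runtime configuration). The `LIVE` switch and function names are this example's own, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example: confirm both redirects from the accepted solution exist.

# True if a `firewall-cmd --list-forward-ports` listing forwards tcp $1 -> $2.
has_forward() {            # usage: has_forward 443 8443 "$listing"
    printf '%s\n' "$3" |
        grep -Eq "^port=$1:proto=tcp:toport=$2(:toaddr=.*)?$"
}

# True if a `firewall-cmd --direct --get-all-rules` listing holds the
# loopback REDIRECT in the nat OUTPUT chain.
has_local_redirect() {     # usage: has_local_redirect 443 8443 "$listing"
    printf '%s\n' "$3" | grep -Eq \
        "^ipv4 nat OUTPUT [0-9]+ .*-o lo .*--dport $1 .*-j REDIRECT --to-ports $2$"
}

# Print what is missing from one configuration; nonzero if anything is.
report() {                 # usage: report LABEL FORWARD_LISTING DIRECT_LISTING
    rc=0
    has_forward 443 8443 "$2" ||
        { echo "$1: missing 443->8443 forward"; rc=1; }
    has_local_redirect 443 8443 "$3" ||
        { echo "$1: missing loopback redirect"; rc=1; }
    return "$rc"
}

# Constructed sample listings (not captured from a real host).
SAMPLE_FWD='port=443:proto=tcp:toport=8443:toaddr='
SAMPLE_DIRECT='ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443 -j REDIRECT --to-ports 8443'

if [ "${LIVE:-0}" = 1 ]; then
    # LIVE is this example's own switch: query the real firewalld as root.
    report runtime "$(firewall-cmd --list-forward-ports)" \
        "$(firewall-cmd --direct --get-all-rules)"
    # Only the permanent configuration survives a reload or reboot.
    report permanent "$(firewall-cmd --permanent --list-forward-ports)" \
        "$(firewall-cmd --permanent --direct --get-all-rules)"
else
    report sample-runtime "$SAMPLE_FWD" "$SAMPLE_DIRECT" &&
        echo "sample-runtime: both rules present"
    # Empty listings model rules that were added without --permanent.
    report sample-permanent "" "" || true
fi
```

Run with `LIVE=1` as root on the server to check the real configuration. Both redirects are nat-table rules, which `iptables -S` does not list by default; `iptables -t nat -S` does.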
