Select to view content in your preferred language

Questions about updating SSL certificates on 10.8.1

3498
17
Jump to solution
11-10-2022 09:17 AM
LLCCG
by
Occasional Contributor

IT tells me that our SSL certificate is expiring soon and needs to be updated. 

I have a HA system with Portal, Server, and Data Store each running on two machines. 

I'm not really sure how many places I need to update these certificates, though.

In Portal Admin, when I go to Home > Machine > MachineName > SSLCertificates, each of the two certificates listed shows an expiration date of 2053. I'm assuming I don't need to update anything there. 

In Server Admin, when I go to Home > Machine > MachineName > SSLCertificates, I have one that expires soon, and and a self-signed certificate that expires in 2053. 

Is there any way to check the expiration date of the certificate for Data Store?

Is there any other place I need to check for certificates that expire soon? 

I'm thinking that all I need to do is update the one in Server Admin that is expiring soon, and restart services, right?

 

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Scott_Tansley
MVP Regular Contributor

Cool - you'd be surprised how many people install a cert but then leave that option as self-signed.  So now you need to import your new certificate:

https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-https-using-an-existin... 

into the first screen that you sent a screen grab off, and then update the entry above.  Test, then delete the old cert.

I'm risk averse, so take a snapshot of the machine before you do it.

Scott Tansley
https://www.linkedin.com/in/scotttansley/

View solution in original post

0 Kudos
17 Replies
BillFox
MVP Frequent Contributor

do the 2053 dates correspond to self signed certificates?

0 Kudos
LLCCG
by
Occasional Contributor

Yes

0 Kudos
Scott_Tansley
MVP Regular Contributor

In many builds, it's just the Web Adaptors (IIS - for example) where certificates need to be replaced.  It is obviously possible to install certs in the application components, but many organisations do not.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
LLCCG
by
Occasional Contributor

I see the one in Server Admin that is expiring soon. That one must have been installed in ArcGIS Server, right? Or is it just reading it from IIS?

0 Kudos
Scott_Tansley
MVP Regular Contributor

How do you access server manager? 6443 addresss?  Alias name?  Where are you looking at the date?

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
LLCCG
by
Occasional Contributor

Yes, using the 6443 address. The date isn't in Server Manager, though, it's in Server Admin (server.domain.com:6443/arcgis/admin). It's under Home>Machines>MachineName>sslcertificates. When I open the two certificates listed, on is a self-signed certificate that expires in 2053, and the other expires in 2022. 

0 Kudos
Scott_Tansley
MVP Regular Contributor

Ok.  We may need some screen grabs here.  Normally there will only be a self-signed cert there with a long date.  But having a short date suggests a cert was installed.  But, you would normally also install intermediate and root certs as well, so I would have expected 4 certs not 2.  On one of the pages in server admin it will state which cert is in use.  You may have imported a cert, but could still be using self-signed. So you may need to share some details?

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
LLCCG
by
Occasional Contributor

Here's the screenshot from Server Admin that lists the certificates. There is an identical page for the other machine on which Portal, Server, and Data Store are installed. The one ending in "2022" is the one that expires soon. In Server Admin, when I go to the "Machine" page and click on each machine, it says that the Web Server SSL Certificate is that cert ending in 2022. 

0 Kudos
Scott_Tansley
MVP Regular Contributor

Awesome and thanks for commenting out the detailes - really good practice.  So now I can see which certs are installed, and that's what I expected.

When you navigated through to that page, I now need to see the page before.  You will have had a screen like this:

Scott_Tansley_0-1668378125141.png

To get to the screen you shared you would have clicked on the green highlighted sslcertificates link.  I now need to know what is in the yellow highlighted Web server SSL Certificate parameter.

This will tell me which one of those two certificates is in use.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos