Community

Server 10.1 -- HTTPS access using self-signed certificate without Web Adaptor install

427
2
Jump to solution
04-06-2013 11:46 AM
KevinDyke
by
New Contributor II
‎04-06-2013 11:46 AM
Hi all,

I'm new to SSL certificates and all that, so I'm hoping someone could provide a little clarification.

First a little background. We have a simple ArcGIS Server site setup (let's call it site.lib.school.edu), consisting of 1 machine. That one machine is named machine.lib.school.edu. The application I've developed using the JavaScript API will ultimately be housed on a secured HTTPS location. In order to prevent browsers such as Chrome and IE from blocking content from my HTTP based server, I'm hoping to enable SSL on my server. None of the content being handled is sensitive or in need of security, really. It's simply that the ultimate location being HTTPS is breaking calls to the server.

When I look at the default selfsignedcertificate for machine.lib.school.edu, the common name on the certificate differs from the machine name, and is listed as machine.ad.school.edu.

First question, if I simply were to enable SSL on the site (via site.lib.school.edu:6080/arcgis/admin/security/config/update) while using the default self-signed cert, would the difference in the common name be enough to prevent it from working?

Second question, should the common name for the self-signed certificate match that of the site, or the server machine?

I'm just hoping to get a basic level of HTTPS support and from there move onto installing a CA signed certificate.

AGS is installed on Windows Server 2008 R2. Is there anything I need to do outside of AGS if I'm not using the Web Adaptor? Am I totally off-base with my thinking on this stuff (my feeling is that I probably am!).

I appreciate any advice or at least direction. I've followed the directions in the help to no avail, and have tried creating a self-signed cert with matching common names (I've tried to match the machine name in one instance and the site name in another).

Thanks,
Kevin Dyke
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
KevinDyke
by
New Contributor II
‎04-08-2013 11:28 AM
Thanks Domenico. As it turns out, I had everything correct for the CA cert, but had simply neglected to adjust the Windows Firewall settings on my server to permit connections via the 6443 port. Everything seems to be working perfectly now.

Cheers,
Kevin

View solution in original post

0 Kudos
2 Replies
nicogis
by MVP Frequent Contributor
MVP Frequent Contributor
‎04-07-2013 11:34 PM
To connect to an ArcGIS Server site using the URL https://www.myarcgis.com:6443/arcgis/, the common name in the certificate should be www.myarcgis.com.
To access the ArcGIS Server site on a local area network (LAN), you may choose to use a self-signed certificate with the common name myarcgis to connect to the site using the URL https://myarcgis:6443/arcgis/.

see http://resources.arcgis.com/en/help/main/10.1/index.html#//0154000005q6000000
0 Kudos
KevinDyke
by
New Contributor II
‎04-08-2013 11:28 AM
Thanks Domenico. As it turns out, I had everything correct for the CA cert, but had simply neglected to adjust the Windows Firewall settings on my server to permit connections via the 6443 port. Everything seems to be working perfectly now.

Cheers,
Kevin
0 Kudos