Setup SSL and WebAdaptor on EC2

10-22-2012 06:26 AM
Occasional Contributor II
If I want to set up SSL on my EC2 10.1 server, do I need to add my wildcard certificate to IIS or can I just add it through the ArcGIS Server Admin tool? Or both?

If I also want to use the Web Adaptor, should I install it for both port 80 and port 443? In what order should I install my SSL certificate, register it with ArcGIS Admin, and install the Web Adaptor? Does it matter?

I have read all of the 10.1 help documents and I am still a bit fuzzy on this. I've had some problems already not being able to access the web adaptor config page and getting locked out of the admin and manager pages altogether.

Thanks, Mike
5 Replies
New Contributor
Are you using Cloud Builder to set up your instance? If you are, there is a step-by-step guide here:

If you're deploying this without Cloud Builder, you can use the same steps that you would use on-premise; there should be no difference.

If you still feel this is unclear, let me know.
Occasional Contributor
We are having a very similar problem and have been locked out of server manager and administrator when trying to configure SSL using a CA certificate. The documentation provided by ESRI is fuzzy and seems to gloss over some of the, what we consider "critical", details. The documentation provided by Marwa seems as though it would only work if one was going to use the ELB. We and the OP are trying to set up SSL on a machine running the Web Adaptor. This is the document we have tried to follow but have either received errors in administrator where our certificate is not accepted or, as mentioned previously, lost access to manager and administrator.
New Contributor III

Could you please let us know at which step you ran into the first blocking problem and what the issue was? I just want to make sure that you are clear that these steps are for a newly generated certificate, which requires you to generate a CSR, get it signed, import the root + intermediate certificates, and import the signed certificate.

If you have an existing certificate that was generated elsewhere, you won't be able to bring that in (though that's something we are considering for the next release). Bringing in an existing certificate actually requires you to bring in more than just an existing certificate; it also requires you to bring in the associated private keys.

---- David
Occasional Contributor
We ended up creating a new instance (with CloudBuilder) because the analyst we were working with could not come up with a solution after a week and we needed to get back online.  We still had trouble with enabling https:// on this new instance.  In ArcGIS Server Manager, after enabling "HTTP and HTTPS", the machine would automatically reset to "HTTP Only."  We then opened a new incident and were elevated to "Tier 2" and the analyst was easily able to fix the problem. 

Here are his notes from the call:

# ArcGIS server resets to http communication from https.
# Setup a G2A session and looked into the issue.
# User stated that ArcGIS server keeps resetting the https communication to http.
# Restarted ArcGIS server and set SSL again on the server.
# After a few minutes, the server resets to http only.
# Removed the machine from the site, stopped ArcGIS server, backed up all the directories in the "arcgisserver" folder.
# Created a new site and pointed to the old arcgisserver.
# NOTE: The instance is in the EC2 and was created using the cloud builder.
# Created a new site and then configured SSL and this worked fine.
# Bounced the server and SSL was still functional.
# This resolved the incident.
Occasional Contributor III
W...  We still had trouble with enabling https:// on this new instance.  In ArcGIS Server Manager, after enabling "HTTP and HTTPS", the machine would automatically reset to "HTTP Only." .....

Ran into this same problem on an EC2 instance. For us it was every couple of days that ArcServer would reset itself to use "HTTP only" when it had been "HTTP and HTTPS". The workaround I used was to set access to "HTTPS only" and then it stayed on.