Silent installation of certificates for all components

630
2
Jump to solution
12-09-2019 12:31 PM
RayVidalis
New Contributor II

Hello all,
I'm planning to automatically create a keystore containing my letsencrypt keys for tomcat (running my web adaptors) and then inject it during installation.
I was wondering if something similar would be possible for the rest of the web facing components namely the Datastore, Server and Portal.

It would be ideal if I could use the same keystore for all services.

Can I somehow inject it automatically?
e.g. by performing an API call to each service

or maybe by replacing the file used for the self signed one that goes by default with the installation

Thank you

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
NicEverdell
Esri Contributor

Hi Ray,

You should be able to make calls to set certificates for all of the ArcGIS Enterprise Components. It is just a matter of running the right tool for each job.

ArcGIS DataStore has a batchfile named "updatesslcertificate" installed along with the software. Running this from command line (I typically use a Powershell Script) - the utility can be found "<ArcGIS DataStore Install Directory>\datastore\tools" and the command will look like "updatesslcertificate <certificate Path> <password> <alias>" I use certificates in .pfx format

ArcGIS Portal has a Certificate REST endpoint, and will require a POST to get the certificate in to the applications certifiacte store. -- Import Existing Server Certificate—ArcGIS REST API: Administer your portal | ArcGIS for Developers 

ArcGIS Server should be similar to Portal, with a REST endpoint that you can POST the certificate to

-- Import Existing Server Certificate—ArcGIS REST API: Administer your server | ArcGIS for Developers 

I hope this helps!

Nic

View solution in original post

2 Replies
NicEverdell
Esri Contributor

Hi Ray,

You should be able to make calls to set certificates for all of the ArcGIS Enterprise Components. It is just a matter of running the right tool for each job.

ArcGIS DataStore has a batchfile named "updatesslcertificate" installed along with the software. Running this from command line (I typically use a Powershell Script) - the utility can be found "<ArcGIS DataStore Install Directory>\datastore\tools" and the command will look like "updatesslcertificate <certificate Path> <password> <alias>" I use certificates in .pfx format

ArcGIS Portal has a Certificate REST endpoint, and will require a POST to get the certificate in to the applications certifiacte store. -- Import Existing Server Certificate—ArcGIS REST API: Administer your portal | ArcGIS for Developers 

ArcGIS Server should be similar to Portal, with a REST endpoint that you can POST the certificate to

-- Import Existing Server Certificate—ArcGIS REST API: Administer your server | ArcGIS for Developers 

I hope this helps!

Nic

RayVidalis
New Contributor II

thanks a lot, very valuable information

0 Kudos