SSL error on ArcGIS Enterprise Installation

704
4
Jump to solution
11-05-2019 08:50 PM
lxd
by
New Contributor III

Hello All,

I have installed ArcGIS Enterprise 10.7.1 on my pc (windows) as a part of my developer subscription. I have used ArcGIS Enterprise Builder. All was great up until I step 5, Configuring Web Adaptors. It requires https, for which I need ssl certificate. First of all, I don't have one and I thought I can get away without it as everything is installed on my pc (single machine). As it is just for testing, I don't think our IT department with assist with the certificate. 

Is there a way around it? 

I found few articles from ESRI describing exactly my error,  'Create a domain certificate and enable HTTPS' from here Plan a base deployment. But it is just on my PC and I am not sure how to create certificate myself (if it is possible).

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Frequent Contributor

If it's just you using it, you'll get by with a self-signed certificate:

How to Create a Self Signed Certificate in IIS | About SSL 

Once you do that, bind it to the 443 endpoint:

How to bind an SSL certificate in Microsoft IIS 7.0 or 7.5? 

You can ignore setting the Host name property.

View solution in original post

0 Kudos
4 Replies
JonathanQuinn
Esri Frequent Contributor

If it's just you using it, you'll get by with a self-signed certificate:

How to Create a Self Signed Certificate in IIS | About SSL 

Once you do that, bind it to the 443 endpoint:

How to bind an SSL certificate in Microsoft IIS 7.0 or 7.5? 

You can ignore setting the Host name property.

0 Kudos
MichaelVolz
Esteemed Contributor

Jonathan:

If you bind the SSL certificate to the 443 endpoint, will that get rid of the warning that the site is not trusted?

The example you provide is very generic with Host name and SSL certificate being assigned to www.domain.com.  Can that be replaced with a server name on the domain?

0 Kudos
JonathanQuinn
Esri Frequent Contributor

If you're using a self signed certificate, no browser is going to trust the certificate by default. You need to import the certificate into the trusted root authority store to force the OS to trust the certificate.

Yes, the idea is that the certificate will be created for the FQDN where the AEB is being installed on. The SSL certificate parameter is just the name of the certificate, it doesn't need to match the FQDN it's assigned to. It could be "myCert", doesn't matter.

0 Kudos
RachelSears
Occasional Contributor II

Hi Lidia,

Jonathan Quinn‌'s answer is correct. To elaborate slightly on his answer... you are using the default self-signed certificate that comes with the base installation. This certificate is only intended to be for testing that the deployment installed correctly, and can cause issues with accessing the Portal from client operations among other things. It should be replaced with the user's self-signed certificate, a domain certificate, or a CA-signed certificate. You can follow the steps Jonathan posted to generate your own self-signed certificate.

Best,

Rachel