SSL help where to start

556
2
05-27-2014 05:46 AM
JenniferMcFarland
New Contributor III
I am confused.   I have Arc GIS Server 10.2 installed on an application server and I have the web adaptor installed on my webserver. I would like to implement security and I requested a certificate for my webserver machine and it is in place.  But I look at this document http://resources.arcgis.com/en/help/main/10.2/index.html#//0154000005q0000000
and I am clueless as to what I need to do on which machine.  Should I have requested a certificate for my application server?  Not sure.  Can someone help and tell me which machine I need to do what on in the above referenced help?  I already have a certificate for my webserver.  
Any guidance is appreciated.

Thanks,
Jennifer
0 Kudos
2 Replies
BubbaHey
Occasional Contributor III
What a lot of people do is use a CA certificate in IIS for web adaptor, then a self-signed in ArcGIS Server. Mainly because server seems to have problems importing CA certificates.

See:

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_on_ArcGIS_Server_when_accesse...
0 Kudos
RandallWilliams
Esri Regular Contributor
Agreed with Bubba. If you were going to expose port 6080 to the web you'd want a CA cert for your GIS Server, but since you're exposing the GIS Server via the web adaptor you can set up a CA cert for the web server and be good. I generally create a new self signed certificate using the ArcGIS Server admin API using the application server's hostname as the CN instead of using the one that ships with the GIS Server. I also recommend testing with both http and https allowed on the GIS Server before flipping the switch and requiring https only. That way if something happens somehow and SSL is broken you can still get into the admin API and make adjustments.
0 Kudos