The fully-qualified domain name of your portal machine

01-17-2019 06:54 AM
MartinMaretta3
New Contributor

Hi all,

We are trying to generate an SSL certificate for our ArcGIS Portal and Servers.

But I am a little bit confused about the Common Name.

Portal: 

Common Name—The fully-qualified domain name of your portal machine

Server

Use the domain name of your server name as the common name.

For example, if my Portal machine name is prd00422.lyse.no and the web adaptor is https://gis103.lyse.no:7443, which one should I use for the common name?

For example, if my Server machine name is prd00420.lyse.no and the web adaptor is https://nisserver103.lyse.no:6443, which one should I use for the common name?

Thank you so much.

Martin.


5 Replies
JakeSkinner
Esri Esteemed Contributor

Hi Martin,

If you are using the web adaptor, you will not specify port 7443 in the URL. The certificate should be issued to the web server that the web adaptor is installed on.

Consider the case where the web server has a DNS alias. For example, the server name of the web server may be: arcportal.esri.com

But the DNS alias is: gis.maps.com

The certificate should be issued to gis.maps.com, as that is the URL the users will be accessing portal from. I usually recommend having the server name (i.e. arcportal.esri.com) included as a Subject Alternative Name in the certificate.

JonathanQuinn
Esri Notable Contributor

This is dependent on where you want to use the certificate. If it's for 7443/6443 (the ports used for the internal web servers), then it'd be to the FQDN of the machines running Portal and Server:

Import a certificate into the portal—Portal for ArcGIS (10.6) | ArcGIS Enterprise 

If the certificate is to be used for 443, then you'll need to generate it for the FQDN of the machine hosting the web adaptor and set up the binding to use the certificate.

You should also set the SAN (Subject Alternative Name), so Chrome doesn't complain about the certificate even if the Common Name is defined correctly.
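An added example (not part of the original thread or of Esri's documentation) showing why the SAN matters: Chrome matches hostnames against the SAN dNSName entries only and ignores the Common Name. The function names and the two sample certificates are assumptions made up for illustration; the hostnames are the ones discussed in this thread, in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: classify how each hostname users type is covered by a certificate.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with a hostname.
    '*' is accepted only as the entire leftmost label (e.g. *.lyse.no)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert: dict) -> list:
    """All dNSName entries from the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_name(cert: dict):
    """The subject commonName, or None if the subject has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def audit(cert: dict, hostnames: list) -> dict:
    """Map each hostname to 'san', 'cn-only' (browser will warn) or 'none'."""
    sans, cn = san_dns_names(cert), common_name(cert)
    result = {}
    for host in hostnames:
        if any(_name_match(name, host) for name in sans):
            result[host] = "san"
        elif cn is not None and _name_match(cn, host):
            result[host] = "cn-only"
        else:
            result[host] = "none"
    return result

# Constructed sample data, not real certificates.
USER_HOSTS = ["gis.lyse.no", "gis103.lyse.no"]
CN_WITH_ONE_SAN = {"subject": ((("commonName", "gis.lyse.no"),),),
                   "subjectAltName": (("DNS", "gis103.lyse.no"),)}
ALL_NAMES_IN_SAN = {"subject": ((("commonName", "gis.lyse.no"),),),
                    "subjectAltName": (("DNS", "gis.lyse.no"), ("DNS", "gis103.lyse.no"),
                                       ("DNS", "prd00422.lyse.no"))}

if __name__ == "__main__":
    for label, cert in (("CN + one SAN", CN_WITH_ONE_SAN), ("all in SAN", ALL_NAMES_IN_SAN)):
        print(label, audit(cert, USER_HOSTS))
```

A hostname reported as `cn-only` is one that appears in the Common Name but not in the SAN, so the Common Name value should be repeated as a SAN entry.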

MartinMaretta3
New Contributor

Hi,

Thank you so much for the response, so just for clarification.

Our users can use https://gis103.lyse.no (the web adaptor), but primarily they should use the DNS name https://gis.lyse.no

Portal is running on a machine called PRD00422.lyse.no (where the web adaptor is also installed)

So common name should be "prd00422.lyse.no" and SAN should be "DNS: gis.lyse.no" ?

after that binding new certificate to IIS at prd00422.lyse.no ?

Is it OK like this?

JakeSkinner
Esri Esteemed Contributor

If the DNS is tied to server gis103.lyse.no, it should be:

Common Name: gis.lyse.no

SAN: gis103.lyse.no

after that binding new certificate to IIS at prd00422.lyse.no ?

You will want to bind the certificate to gis103.lyse.no

MartinMaretta3
New Contributor

Hi, thanks,

Sorry for the confusion.

The server name is PRD00422.lyse.no and IIS is running on this server. Gis103.lyse.no is the web adaptor running on this server.

And gis.lyse.no is the DNS of server PRD00422.lyse.no.

Martin.
