I am attempting to replace the Data Store self-signed certificate with my commercial certificate using the Data Store "updatesslcertificate" utility. When I run the utility, I receive the following error: "Error encountered: Machine 'https://<server name>:2443/arcgis/datastoreadmin' returned an error. 'Unable to import certificate'. My certificate is in the .pfx format and was imported into and is being used successfully with Portal and Server so I don't believe there is anything wrong with my commercial certificate. I am not finding anything to troubleshoot this particular issue.
Could you provide some more information? Perhaps the error logs for the datastore?
Hi William/Andrew,
There's a BUG on that in 10.5 data store
What release are you using?
-Bill
I am using ArcGIS Enterprise version 10.6 with also the latest patches applied.
Will
Using ArcGIS Server Manager, I am not seeing any errors generated in the log files for the Data Store. I am just seeing the error message "Error encountered: Machine 'https://<server name>:2443/arcgis/datastoreadmin' returned an error. 'Unable to import certificate' when I run the Data Store "updatesslcertificate" utility.
The only other item I have noticed is that every time I run the "updatesslcertificate" utility, a file of the form "agsdatastore.ks.20180424011020477" gets generated under the Data Store C:\Program Files\ArcGIS\DataStore\etc\ssl directory and that the update date of the agsdatastore.ks file does not change.
--Will
And are you running this from an admin account from the machine that ADS is installed on?
I'd also confirm that the certificate you are using is added to the machine's trusted root certificate store on the machine where ADS is installed
Andrew,
I am running the updatesslcertificate using a Windows Domain Account that is a member of the Local Administrators Group on the location machine. I am running the command while logged into the machine via Remote Desktop. This Domain user account is the same account that was originally used to install Portal for ArcGIS, ArcGIS Server, and Data Store on the machine. The machine is running Windows 2016 server with IIS for the webserver software. When I go into the Microsoft Management Console (MMC) Certificate Manager, I see my commercial certificate issued for the machine listed under Certificates (Local Computers) > Personal > Certificates. Under Trusted Root Certification Authorities > Certificates, I see four Root certificates listed for the commercial certificate vendor.
Wait, are you running a 10.6 Enterprise stack on a 2006 server?
Sorry, Windows 2016 Server.
Phew
Okay, if you navigate to the ADS logs (by default, this exists at this path: c:\arcgisdatastore\logs\<machinename>\
There will be two folders, 'datastore' and 'server.'
Can you run the utility again and then open up the recentmost log file and search for the event? This should give a lot more detail than Server Manager.
Also, can you confirm that you have a file named 'agsdatastore.ks' in this directory: C:\Program Files\ArcGIS\DataStore\etc\ssl
Also (sorry for the overload), can you confirm that the account running ADS has full permission to the C:\Program Files\ArcGIS\DataStore folder with the option to inherit permissions enabled?