Implications of Self-Signed Certificate

447
2
Jump to solution
02-17-2023 12:54 AM
wizgis
by
Occasional Contributor II

Hello Everyone, 

We are in the process of installing and configuring GeoEvent Server in our organization. Our organization already has base deployment set-up on two machines i.e. Machine 1 has ArcGIS Server, Portal & Data Store and Machine 2 has two WebAdaptors configured for Server and Portal respectively.

Both, ArcGIS Server and Portal are configured with a CA signed certificate. 

On Machine 3 we have installed ArcGIS Server and GeoEvent Server both authorized by the GeoEvent license and as of now both the components are using the self-signed certificate which ArcGIS Server generates automatically when installed. 

I was going through the following document 

https://enterprise.arcgis.com/en/geoevent/latest/install/windows/optional-self-signed-certificate.ht... 

This document walks through the steps of replacing self-signed certificate with a CA signed certificate. 

I was just wondering that since this link has been marked as optional, what would happen if we continue to use self-signed certificate. 

Additionally, I was wondering if we import the self signed certificate of Machine's 3 ArcGIS Server in the certificate store of all three machines i.e. Machine 1,2,3. Then would the machines be able to trust each other and GeoEvent Server would operate normally. 

I guess I am just trying to understand the implications of using a self-signed certificate and what functionality of GeoEvent Server would work and not work. 

Any insights on this would be helpful. 

0 Kudos
1 Solution

Accepted Solutions
TomPaschke
Esri Contributor

@wizgis 

Yes, to the best of my knowledge the way you outlined (importing the self signed certificate in the certificate store of the other machines) should work (haven't tested it in 11.x though). I would even say, that GeoEvent can establish a connection to the 'Default' data store aka. the Portal without any cross machine import of the cert given that Portal and the Hosting Server have CA signed certs.

Of course it's not best practice and you would always have to deal with the browsers certificate error when accessing the GeoEvent manager.

View solution in original post

2 Replies
TomPaschke
Esri Contributor

@wizgis 

Yes, to the best of my knowledge the way you outlined (importing the self signed certificate in the certificate store of the other machines) should work (haven't tested it in 11.x though). I would even say, that GeoEvent can establish a connection to the 'Default' data store aka. the Portal without any cross machine import of the cert given that Portal and the Hosting Server have CA signed certs.

Of course it's not best practice and you would always have to deal with the browsers certificate error when accessing the GeoEvent manager.

wizgis
by
Occasional Contributor II

Thank you @TomPaschke  for sharing your insights on this.

0 Kudos