ArcGIS Monitor SSL error

526
3
07-05-2020 09:56 PM
BingZheng
Esri Contributor

Hi all,

I installed ArcGIS Monitor 10.8 with 444 for my local port.

I converted my local CA pfx file to a public and private pem file. My pfx file works for ArcGIS Portal and Server.

I put these public and private pem files to ArcGIS Monitor install_path\Server\ssl folder and config ArcGIS Monitor to use them.

However, Monitor Page within Chrome still has a warning message which indicates the certificate is invalid.

I compare it with the certificate within the Portal page, they look like the same.

 

Any idea? Thanks.

Regards,

Bing

3 Replies
DavidColey
Frequent Contributor

Hi Bing - how were you able to convert your pfx file to pem files?  We have a Sectigo CA wildcard cert that contains a root and intermeditate certificates, but I've never been able to get the pfx to convert all levels.  In your case, I think you need to create a DNS entry for the server hosting Monitor?  I can see a port number in your url: .com.au:444 

0 Kudos
ChrisAdams
Esri Contributor

Did you restart ArcGIS Monitor Server and your browser? Why does Chrome not trust it still? It should say in dev tools > security

0 Kudos
AlexCatchpaugh
New Contributor

Your cert was issued from a internal CA and it is not trusted, so you need to import the root  for your internal CA into the cert store used by arcgis monitor. Many of the more common root CA are already preinstalled in the cacerts file. You can use keytool.exe in the folder C:\ArcGIS Monitor\framework\runtime\jre\bin to see what root certs are pre installed and explore some other things. Lots of documentation on this tool.

Step 1

Export the root cert for your internal CA from your browser to C:\temp\PKICorpRootCA.cer. the export file format should be Base 64 encoded x.509

These are the ROOT CA I have as shown in Chrome browser

 You could also just export the root CA to file from the certification Path *******SDCP01-CA you show in you initial posting. Whatever works for you.

Example to import the root cert from the file C:\temp\PKICorpRootCA.cer from your internal CA:

cd C:\ArcGIS Monitor\framework\runtime\jre\bin

keytool -import -trustcacerts -keystore "C:\ArcGIS Monitor\framework\runtime\jre\lib\security\cacerts" -storepass changeit -alias pki_root -file C:\temp\PKICorpRootCA.cer

Thats my guess!

0 Kudos