HTTPS Certificate SSL Issues ArcGIS Monitor

02-22-2023 03:29 AM
Mark_Verlaat
New Contributor III

Hi all,

I have just set up ArcGIS Monitor 2023.0 on my system. It works quite well.

I have a problem though with implementing the SSL Certificate which we use with the DNS within the Monitor Admin panel. 

When I save (and force restart) the server, the server hangs, won't start anymore (not the Localhost, not my own Web Context URL, etc.). It starts, but stops almost instantly. 

I want to bypass this to make a rewrite rule (so in this case name.dnsname.nl/arcgis needs to point to name.dnsname.com:30443/arcgis) so that I can bind the certificate to the 443 port (https) of the default server. But that didn't work either (maybe I did something wrong with the rewrite rule).

 

Can someone help me with this? Thanks in advance,

___________________________________________
To boldly Geo, where no one has gone before.
VHolubec
Esri Regular Contributor

Hi @Mark_Verlaat,

is the certificate compatible with OpenSSL 3 and TLS 1.2? 

Another solution could be a Rewrite/Reverse proxy rule on the IIS.

Thanks.

Vladimir
EsriEvan
Esri Contributor

Hi Mark

There is an issue with 2023.0 which does not prevent "unaccepted" certificate chains from passing the upload. This will ultimately cause the runtime to fail when the restart occurs. The dev team has fixed this one and it will be part of 2023.1.

In the meantime, the fastest way to recover from that scenario is to navigate into the config store and delete the PFX file living under the SSL directory. After restarting Monitor, it will re-create the self-signed one and recover.

We're also about to publish a quick article on how to use IIS to proxy requests to Monitor Server and how to terminate SSL at IIS, which may be helpful in this scenario.
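
A pre-upload check for the situation described in the reply above, as an added example that is not part of the thread and not Esri code: it loads the PFX, builds its chain against the Windows trust stores, and reports chain errors, a SHA-1/MD5 signature, or an RSA key under 2048 bits. The thread does not say which chains Monitor treats as "unaccepted", so these criteria and the script name are assumptions.

```powershell
# Added example, not Esri code: inspect a PFX before uploading it to ArcGIS Monitor.
# Hypothetical usage: .\Test-MonitorPfx.ps1 -PfxPath .\monitor.pfx
param(
    [Parameter(Mandatory)] [string] $PfxPath,
    [securestring] $Password = (Read-Host 'PFX password' -AsSecureString)
)
$ns    = 'System.Security.Cryptography.X509Certificates'
$plain = [System.Net.NetworkCredential]::new('', $Password).Password

# Load every certificate in the PFX (leaf plus any bundled intermediates).
$certs = New-Object "$ns.X509Certificate2Collection"
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
$certs.Import((Resolve-Path -LiteralPath $PfxPath).Path, $plain, $flags)

$findings = @()
# The server certificate is the entry that carries the private key.
$leaf = $certs | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) {
    Write-Error 'No certificate with a private key found in the PFX.'
    exit 1
}

# Build the chain from the bundled certificates plus the Windows trust stores.
# Revocation checking is skipped so the check also works offline.
$chain = New-Object "$ns.X509Chain"
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.ExtraStore.AddRange($certs)
if (-not $chain.Build($leaf)) {
    foreach ($s in $chain.ChainStatus) {
        $findings += "chain: $($s.Status) - $($s.StatusInformation.Trim())"
    }
}

# Weak signature hash or short RSA key (assumed criteria, not from Esri documentation).
if ($leaf.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
    $findings += "weak signature algorithm: $($leaf.SignatureAlgorithm.FriendlyName)"
}
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($leaf)
if ($rsa -and $rsa.KeySize -lt 2048) { $findings += "RSA key is only $($rsa.KeySize) bits" }

# Show the chain as built, then the verdict.
$chain.ChainElements | ForEach-Object { $_.Certificate } |
    Select-Object Subject, Issuer, NotAfter | Format-List
if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'No problems found by these checks.'
```

Chain trust is judged against the Windows stores of the machine where the script runs, which may differ from what Monitor itself accepts.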

EsriEvan
Esri Contributor

The article I mentioned above is available here:

Connecting to ArcGIS Monitor 2023 through IIS - Esri Community

Mark_Verlaat
New Contributor III

Thanks Evan, for this article. It works perfectly. 

JamesFaron
Occasional Contributor

Hi Evan,

Where is the config store that you are referring to in your response? 

"the fastest way to recover from that scenario is to navigate into the config store and delete the PFX file living under the SSL directory."

Need some details here in order to try out your proposed solution.

VHolubec
Esri Regular Contributor

Hi @JamesFaron,

the config store of the Monitor is located in a folder under the profile of the user running the Monitor: "C:\Users\<user_running_the_Monitor_service>\AppData\Local\ESRI\ArcGISMonitor\config-store-server"

The PFX certificate is then in the SSL folder.

Hope it helps.

Vladimir
JamesFaron
Occasional Contributor

Thanks Vladimir, I was able to find it after posting, but this will be useful for others as well. 

VHolubec
Esri Regular Contributor

Hello,

I can confirm that the workflow mentioned by @EsriEvan is pretty neat, and the Monitor and its agents are then easily available via port 443.

Vladimir
Mark_Verlaat
New Contributor III

Thanks for the replies. I am being swamped at the moment, so I will be testing this in the coming weeks.
