Community

Credential Storing Option Not Present When Adding a Secure Service to our AGOL Portal

2673
5
04-21-2016 11:26 AM
DavidColey
by
Frequent Contributor
‎04-21-2016 11:26 AM

Hello - Up until approximately 1 month ago I was able to add rest-secured services to our ArcGIS Online Portal AND be given the option to store credentials.  It appears as of at least yesterday 4/20/2016 that this is not an option, or rather the option does not present itself when adding the item. 

This suggests to me that our AGOL portal is not recognizing the service as secure at upload time. 

Particulars:

ArcServer10.3.1

WebAdaptor ssl signed by COMODO CA, Signature Algorithm: sha256WithRSAEncryption

SSL Checker indicates all hops are good, everything resolves corrrectly in the chain.

Suggestions?

Thanks

David

0 Kudos
5 Replies
DavidBlanchard
by Esri Contributor
Esri Contributor
‎04-21-2016 11:46 AM

The few times I've seen this, its either:

  • ArcGIS Online not recognizing the certificate (even if your browser says it's secure)
  • You are using Web Tier Authentication instead of the default GIS Tier authentication on your ArcGIS for Server.

If its an SSL issue, I would suggest getting in touch with support (or your local distributor) as this is likely to be specific to your implementation and will require some digging.

0 Kudos
DavidColey
by
Frequent Contributor
‎04-21-2016 12:13 PM

Thanks for the reply.  In my case it's clearly the first bullet item you've listed as we are using GIS Tier authentication.  I can add that nothing has changed in our implementation since I last added a secure service 6 weeks ago.  SSL checker indicates NO issues with our CA cert through the public facing web adaptor.  I obviously cannot check the GIS Tiers' self-signed certs through something like SSL Checker as they are not public. 

But again, nothing has changed at that level. This makes me think that it is a portal issue.

Any other suggestions?

0 Kudos
DavidBlanchard
by Esri Contributor
Esri Contributor
‎04-21-2016 12:30 PM

Sorry, I don't have any other suggestions. When I ran into the problem, we had to open a support case with Esri Inc. (I work for an international distributor). Turned out to be that the ArcGIS Online SSL Checker wasn't recognizing a specific chain in our certificate. If you're interested, here's the bug report (BUG-000084659 - When a web server uses GoDaddy certificates, it do..​).

DavidColey
by
Frequent Contributor
‎04-21-2016 01:07 PM

Yes thanks for your help David and thanks for the bug report.  Yes I would guess that it is the ArcGIS Online SSL Checker suddenly is not recognizing our county organizations' COMODO cert.  I know the county isn't going to change,  so I'll take your advise and open an incident-

David

0 Kudos
DavidColey
by
Frequent Contributor
‎05-09-2016 12:05 PM

So it turn out that there is no issue with our COMODO Cert.  The issue is in the SSL cipher type we are employing.  We are employing ECDHE ciphers in response to the Log Jam vulnerability, instead of increasing the bit key size of our DHE cipher to 2048.  Currently AGOL portal does not accept ECDHE, so our EIT team reverted the web server hosting our web adaptor back to a DHE key and moved the server to another switch.

0 Kudos