Setup and Certificates

WilliamMiller4 · ‎10-27-2016

Hello,

I'm working with Web AppBuilder and am not in charge of setting up ArcGIS 10.4 (including ArcGIS Server Manager, Web Adaptor and Portal, all of which are on the same server, along with our other GIS data, such as the REST Services Directory, etc.), but, if everything is setup properly, the links I receive to access ArcGIS Server Manager and Portal, from those who did set them up, should not have certificate errors, correct? Note: We are using https.

The reason I ask is that the Web AppBuilder, which I setup and access through Portal, gives a certificate error, as do any apps I create, download, and put on the same server's C:\inetpub\wwwroot\. Below are the steps that must be taken to use any of the apps I add to the web server (using IE, Chrome and Firefox, respectively).

IE gives a security alert (see figure IE_A below) with the nature of the problem being "The name on the security certificate is invalid or does not match the name of the site." After responding "Yes" to "Do you want to proceed?", nothing displays until the page is refreshed. At this point, the same security alert comes up (see figure IE_B). After responding "Yes" this time, the app works.

Figure IE_A

Figure IE_B

Chrome shows the loading screen and then a blank page (see figure GC_A). In order to get the app to work, you first have to open developer tools, go to the Network tab, refresh the page and find the file that failed to load (which has the starting format serverName:port#). Next, open the file in a new tab, which gives the warning "Your connection is not private" (see figure GC_B), click ADVANCED and click "Proceed to serverName (unsafe)." When you go back to the tab with the app and click refresh, the app works.

Figure GC_A

Figure GC_B

Firefox starts with a warning that "Your connection is not secure" (see figure MF_A). In order to get the app to work, click Advanced and click "Add Exception." (This adds an exception in the format serverName.domain.local) The loading screen displays, but then just a blank page (see figure MF_B). Next, you have to open developer tools, go to the Network tab, refresh the page and find the file that failed to load (which has the starting format serverName:port#). Next, open that file in a new tab. This gives the warning "Your connection is not secure" (see figure MF_C), click Advanced and click "Add Exception." (This adds an exception in the format serverName:port#) When you go back to the tab with the app and click refresh, the app works.

Figure MF_A

Figure MF_B

Figure MF_C

Note: All the Web AppBuilder pages, including the locally hosted API, use the format serverName.domain.local while the Web Map and other REST services use the format serverName:port#. All this can be seen using developer tools. One of the individuals who set things up thought Portal and/or Web Adaptor was supposed to hide this information.

I don't know what to do. I think I setup Web AppBuilder correctly. I followed the instructions at Get started—Web AppBuilder for ArcGIS (Developer Edition) . If anyone has an idea, a suggestion, a similar situation or would like more information on how I setup Web AppBuilder, please reply! Any input, great or small, is greatly appreciated.

Thank you.

William

RobertScheitlin__GISP · ‎10-27-2016

William,

You will have to ask the other party involved if they used a self signed certificate (this make s a pretty big difference).

Read up on trusting self-signed certs:

Adding self signed certificate to trusted store - Information Security Stack Exchange

Next when you use urls make sure you are not using the servername:port ones uses the web adaptor urls when adding layers to the web map.

WilliamMiller4 · ‎10-28-2016

Hi Robert,

I found out from our IT directory that the server, which is currently inside our firewall, has a certificate that is generated from active directory. Once the server is put on the outside, there is an "official" certificate (not self signed) that will be added to the server.

On the issue of port numbers, the URLs that I have received from the GIS department all have the port number in them. This includes basemaps, feature layers and the geometry and print utilities. Is there something I can do to fix this or does the GIS department need to make the changes? How would I/they/we make these changes?

One other note about how I setup Web AppBuilder. For the URL, I used the format https://serverName.domainName.local:3346/webappbuilder. For the redirect URI's, I used the formats https://serverName.domainName.local:3346 and http://serverName.domainName.local:3344. Was this correct?

Thank you again Robert.

William

RobertScheitlin__GISP · ‎10-28-2016

William,

You can ignore my reply about port numbers in the url as long as you are using the web adaptor urls. I forgot that I am using web adaptors and a reverse proxy on my web server in my DMZ so All my external urls do not have port numbers at all and I can mask my urls in any way I want.

Your setup of Web AppBuilder looks fine as far as the redirects go (understand that those redirects only apply to your WAB Dev edition) as once the app if deployed it will not be using blah blah:3346 or :3344.

WilliamMiller4 · ‎10-28-2016

Hi Robert,

So once the server is on the outside, there should be no problem with the certificate (assuming the certificate added to the server is valid)?

William

RobertScheitlin__GISP · ‎10-28-2016

Correct

WilliamMiller4 · ‎11-08-2016

Hi Robert,

A sort of follow up question. The URLs I've been given for the printing and geometry services have the starting format https://serverName:portNumber/arcgis/rest/... and not https://webadaptor.domain/arcgis/rest/.... Is this okay?

Thank you.

William

RobertScheitlin__GISP · ‎11-08-2016

William,

They may be OK but I would definitely want the webadaptor urls for those as well.

WilliamMiller4 · ‎11-09-2016

Hi Robert,

How would we include webadaptor in our URLs?

William

RobertScheitlin__GISP · ‎11-09-2016

William,

????, the web adaptor just gives you a url that does not use a port number like 6080 or 6443. Like you had in your previous reply.

https://serverName:portNumber/arcgis/rest/... and not https://webadaptor.domain/arcgis/rest/....