Load unsafe script error: http vs https

FahadRabbani · ‎01-22-2019

We have an ArcGIS server hosted on Amazon. The maps and layers on that server are used to build a website (i.e. xxxx.com/map. The problem is, that page always shows an error "load unsafe scritps". If anyone allows to load those scripts then the webpage works fine with all the contents. I have inspected the page source in google chrome nad it shows error/warnings such as

Mixed Content: The page at 'https://xxxx.com/map/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://ec2-xx-xxx-xx-xxx.compute-1.amazonaws.com:6080/arcgis/rest/services/FinalMaps/MapServer/expor...'. This request has been blocked; the content must be served over HTTPS.

Is there anyway so that the hosted layer on ArcGIS server can be accessed through a https link instead of http

JonathanQuinn · ‎01-22-2019

The application was written to access the services over http. The application needs to be updated to access the services over HTTPS (recommended) or the application needs to be accessed over http, (not ideal).

FahadRabbani · ‎01-23-2019

Thanks a lot Jon. The way I understand it is, people who developed the website (njfloodalert.com/map) need to change their code to access the website as https. Am I right?

JoshuaBixby · ‎01-23-2019

In this case, it will be about the website and GIS server. If you change the website to connect to the GIS server using HTTPS, you will start getting certificate errors if the GIS server hasn't been configured properly for HTTPS, i.e., simply changing from HTTP to HTTPS in the app/map may replace one kind of error with another.

FahadRabbani · ‎01-23-2019

Thanks Josh. Could you suggest anyway to configure my ArcGIS server so that the outward facing address would be with https. Right now it's showing that the outbound address is http://ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com:6080/arcgis/rest/services/FinalMaps/MapServer

Is there anyway I can configure the ArcGIS server on AWS so that the outward address would be https://ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com:6080/arcgis/rest/services/FinalMaps/MapServer

JoshuaBixby · ‎01-23-2019

Security considerations in AWS, including SSL/TLS certificates, are no trivial matter. Is there a way to configure ArcGIS Server in AWS to use HTTPS? Absolutely, but doing so is more of a process than a single step/task. I am not comfortable giving suggestions on this topic at this level, except to say Esri's documentation can get you part or most of the way there. Have you read the Security on Amazon Web Services—ArcGIS Enterprise on AWS | ArcGIS Enterprise section of the documentation?

FahadRabbani · ‎01-23-2019

I have found this article from ESRI. Hopefully it will guide me through the process. Thanks.

http://enterprise.arcgis.com/en/server/latest/administer/windows/enable-https-on-arcgis-server-when-...

JonathanQuinn · ‎01-23-2019

As Joshua Bixby‌ mentioned, it has to be done in multiple places:

1) ArcGIS Server has to support HTTPS. The default setting for Server is HTTP and HTTPS as of 10.4.

2) Your ELB has to support HTTPS to support hosting a website accessed via HTTPS. Here are some links that may provide background and a little help:

Create a Classic Load Balancer with an HTTPS Listener - Elastic Load Balancing

HTTPS Listeners for Your Application Load Balancer - Elastic Load Balancing

Use SSL/TLS Certificate with HTTPS load balancer

3) Your application has to be updated to access services over HTTPS.

FahadRabbani · ‎01-25-2019

Thanks a lot Jon for outlining a solution path for this issue. Hopefully I'll be able to resolve the issue. I appreciate all the helpful advices regarding my issue. -Fahad