Deploying Enterprise 10.7.1, I want to replace self-sign ssl from Datastore with my own CA Certificate, when I run updatesslcertificate in with power shell ow cmd(as admin) with a command:
.\updatesslcertificate.bat my.domain.com.pfx "mypassword" "myalias"
updatesslcertificate.bat my.domain.com.pfx "mypassword" "myalias"
output return a error:
Error encountered: The data store may not have been initialized.
I'm using this help:
when I open https://localhost:2443/arcgis/datastore/ , open page ok to create a datastore, and I'm trying to replace this SSL before create a DataStore.
I'm running command inside installation directory: C:\Programs and Files\ArcGIS\DataStore\Tools
Windows Server 2016 on azure
ArcGIS Datatore windows service running
ArcGIS installation directory: C:\Programs and Files\ArcGIS\DataStore\
enterprise 10.7.1 datastore commands datatore ssl
Hello. Several us on the Architecture & Security team have looked at this and believe this may be a mis-configuration of some sort and the recommendation is to contact Esri Technical Support for further guidance.
Hi RENATO TEIXEIRA,
Have you tried importing the certificate following the configuration of the ArcGIS Data Store with the associated Server site? We have a defect in the works regarding the logic of the updatesslcertificate tool, but that is the established workaround for the time-being. Hope that helps! Otherwise as Jeff suggested a support case may be helpful to pursue some additional troubleshooting angles.
I found out that the tool only works after I have joined ArcGIS Server, so I decided to give up on this certificate and use Self-Signed, and my certificate is a wildcard issued by globalsign and ArcGIS is not making it secure even by installing root on the server. I really can't understand why, since the same certificate is used on the webserver for the webadaptor and it works.
The certificate would have to include either a CN or SAN entry that would cover the URL you're using to access the Data Store URL. Typically when we run into issues with customers using their Web Adaptor SSL certificate on all endpoints for ArcGIS Enterprise's internal web servers, the Web Adaptor certificate covers the public-facing URLs or DNS aliases without including the internal machine FQDNs. We have logged a documentation defect internally to fix the misinformation on the Data Store configuration page in terms of importing the certificate prior to the initial configuration.