Adding Web Service Items to ArcGIS Online Fails (Certificate Issues)

4494
3
01-26-2015 08:54 AM
NaderChouman
New Contributor II

We have an ArcGIS Server 10.2 on-prem that hosts a variety of services. We recently upgraded our SSL certificate to the more secure SHA-2 version. The CA is Go Daddy Root Certificate Authority - G2. After the update, when we try adding a feature service as an item to AGO, we do not get prompted to save the credentials. We then realized that the call being made to check the service URL was failing with a generic error message: "Error checking resource: ...". Below is a sample call to check a URL prior to adding an ArcGIS service as an item to AGO using one of our services:

https://www.arcgis.com/sharing/checkUrl.jsp?url=https%3A//maps.xtremegis.com/arcgis/rest/services/Sa...

From our online reading, it seems that the new G2 GoDaddy certificate is not trusted by the Java Truststore. So, it is likely that the AGO services do not trust our services because of this new certificate.

We need help determining if this is what is really going on or not? If so, is it possible for the AGO team to make these CA certificates trusted by their servers? Otherwise, we will purchase new certificates.

This is a time sensistive client specific matterer so we appreciate any quick response.

Tags (1)
0 Kudos
3 Replies
ChrisWhitmore
Esri Regular Contributor

Hi Nadar,

Your best option is to contact Technical support - they'll be able to assist you.

Esri Support

Thanks,

Chris

0 Kudos
RandallWilliams
Esri Regular Contributor

You are correct that the G2 certificate from GoDaddy is not trusted by the Java Keystore because the certificate chain is incomplete.

Does applying the G1 to G2 crossover certificate from this resource complete the certificate chain so that it's trusted?

Note that the crossover cert should be added to your web server.

https://certs.godaddy.com/repository

NaderChouman
New Contributor II

We ended up buying a new certificate from a different provider due to the urgency of our situation and everything works. The G2 certificate's messed up chaining seems to be the most likely culprit. If we get a chance to test this certificate later on, after installing the crossover cert, we will update this thread with our findings.

Thank you for the feedback.

0 Kudos