AnsweredAssumed Answered

How many SSL certificates does ArcGIS Server need?

Question asked by filipkral on Jan 30, 2015
Latest reply on Jan 10, 2019 by DaviAS1

Like • Show 1 Like1
Comment • 5

Hi, I would appreciate if somebody could clarify how many SSL certificates I need in the following setup.

Windows server with IIS7+ with ArcGIS for Server 10.2.2 and WebAdaptor configured.

Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server? Therefore, I need one CA-signed certificate for ArcGIS Server and if I am going to host some secure web application on the same machine I need another CA-signed certificate for IIS right? The ArcGIS Server services should be available to client applications hosted on other servers too and therefore both my certificates need to be CA-signed. WebAdaptor does not need any certificate.

Is that correct?

Filip.

2 people also have this question

Outcomes

randall_williams-esristaff

Jan 30, 2015 12:56 PM

Hi Filip,

1. Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server?

A. Correct

Personally, here's what I'd do, especially if I'm hosting the web server (IIS) and ArcGIS Server on the same machine:

a. Use new self signed certificate created via the Admin API with a CN that matches the machine's FQDN

b. Configure IIS with a CA signed certificate

c. Connect the web adaptor to the GIS Server (port 6443)

d. Deploy the web apps on the same server.

This way both the web adaptor and applications are both behind a single SSL certificate. At this point, you just provide users with the URL to the web adaptor. I prefer not to expose ArcGIS Server to users on ports 6080 or 6443, so even if I chose NOT to deploy a web adaptor I would still follow this same workflow, but configuring IIS as a reverse proxy to expose the GIS Server to the public.

5 people found this helpful

Actions

filipkral @ randall_williams-esristaff on Feb 5, 2015 11:52 AM

Hi Randal, do you think the approach you outlined above (CA signed certificate for IIS and self signed certificate for ArcGIS while connecting web adaptor to ArcGIS on 6443) would work for applications hosted on other servers too? I think it should work but if you have tried this before maybe you can confirm.

Many thanks,

Filip.

Actions

randall_williams-esristaff

@ filipkral on Feb 5, 2015 12:37 PM

I *absolutely* know it will work - I only suggested deploying apps on the same web server instance to save a little money on the certificates.

You'd want a certificate for that application server so that you don't get mixed content messages in the browser, but as long as the solution uses SSL all the way through from end to end, you'll be golden.

1 person found this helpful

Actions

billdoerflein @ randall_williams-esristaff on Mar 15, 2018 1:44 PM

I believe that we are having the same issue. We just recently upgraded to ArcGIS server 10.5.1 along with WebPortal and Portal for Server. We have our map created that we want to share but when I try to share the map or use the link on any workstation it's asking for a username and password. We were told to contact our IT department for help with a certificate to access the server and share the map to the public world. I'd like to think this is pretty much the same issue as above.

Actions

DaviAS1 @ billdoerflein on Jan 10, 2019 6:40 AM

If the message given by your map is similar to this:

Yo need to change the share property of your map to public.

Actions

5 Replies

randall_williams-esristaff Jan 30, 2015 12:56 PM
Mark Correct
Correct Answer
Hi Filip,

1. Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server?
A. Correct

Personally, here's what I'd do, especially if I'm hosting the web server (IIS) and ArcGIS Server on the same machine:

a. Use new self signed certificate created via the Admin API with a CN that matches the machine's FQDN
b. Configure IIS with a CA signed certificate
c. Connect the web adaptor to the GIS Server (port 6443)
d. Deploy the web apps on the same server.

This way both the web adaptor and applications are both behind a single SSL certificate. At this point, you just provide users with the URL to the web adaptor. I prefer not to expose ArcGIS Server to users on ports 6080 or 6443, so even if I chose NOT to deploy a web adaptor I would still follow this same workflow, but configuring IIS as a reverse proxy to expose the GIS Server to the public.
5 people found this helpful
Like • Show 3 Likes3
Actions
- filipkral @ randall_williams-esristaff on Feb 5, 2015 11:52 AM
  Mark Correct
  Correct Answer
  Hi Randal, do you think the approach you outlined above (CA signed certificate for IIS and self signed certificate for ArcGIS while connecting web adaptor to ArcGIS on 6443) would work for applications hosted on other servers too? I think it should work but if you have tried this before maybe you can confirm.
  Many thanks,
  Filip.
  Like • Show 0 Likes0
  Actions
  - randall_williams-esristaff @ filipkral on Feb 5, 2015 12:37 PM
    Mark Correct
    Correct Answer
    I *absolutely* know it will work - I only suggested deploying apps on the same web server instance to save a little money on the certificates.
    
    You'd want a certificate for that application server so that you don't get mixed content messages in the browser, but as long as the solution uses SSL all the way through from end to end, you'll be golden.
    1 person found this helpful
    Like • Show 0 Likes0
    Actions
- billdoerflein @ randall_williams-esristaff on Mar 15, 2018 1:44 PM
  Mark Correct
  Correct Answer
  I believe that we are having the same issue. We just recently upgraded to ArcGIS server 10.5.1 along with WebPortal and Portal for Server. We have our map created that we want to share but when I try to share the map or use the link on any workstation it's asking for a username and password. We were told to contact our IT department for help with a certificate to access the server and share the map to the public world. I'd like to think this is pretty much the same issue as above.
  Like • Show 0 Likes0
  Actions
  - DaviAS1 @ billdoerflein on Jan 10, 2019 6:40 AM
    Mark Correct
    Correct Answer
    If the message given by your map is similar to this:
    Yo need to change the share property of your map to public.
    Like • Show 0 Likes0
    Actions

GeoNet

The Esri Community

How many SSL certificates does ArcGIS Server need?

Outcomes

Related Content

Recommended Content

Incoming Links