Hi, I would appreciate if somebody could clarify how many SSL certificates I need in the following setup.
Windows server with IIS7+ with ArcGIS for Server 10.2.2 and WebAdaptor configured.
Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server? Therefore, I need one CA-signed certificate for ArcGIS Server and if I am going to host some secure web application on the same machine I need another CA-signed certificate for IIS right? The ArcGIS Server services should be available to client applications hosted on other servers too and therefore both my certificates need to be CA-signed. WebAdaptor does not need any certificate.
Is that correct?
Filip.
Hi Filip,
1. Do I understand correctly that the certificate used for IIS has nothing to do with the certificate for ArcGIS Server?
A. Correct
Personally, here's what I'd do, especially if I'm hosting the web server (IIS) and ArcGIS Server on the same machine:
a. Use new self signed certificate created via the Admin API with a CN that matches the machine's FQDN
b. Configure IIS with a CA signed certificate
c. Connect the web adaptor to the GIS Server (port 6443)
d. Deploy the web apps on the same server.
This way both the web adaptor and applications are both behind a single SSL certificate. At this point, you just provide users with the URL to the web adaptor. I prefer not to expose ArcGIS Server to users on ports 6080 or 6443, so even if I chose NOT to deploy a web adaptor I would still follow this same workflow, but configuring IIS as a reverse proxy to expose the GIS Server to the public.