AnsweredAssumed Answered

Portal 10.5.1 Scene Viewer does not render due to SSL Certificate Problem - Any suggestions?

Question asked by geasand on Sep 19, 2017

I am currently testing on a development machine ArcGIS Portal 10.5.1 and am having a problem with the Scene Viewer.  It will not render any map services.

 

On a production machine running ArcGIS Portal 10.4.1 the Scene Viewer renders the same map services with no problem.  

 

I recently updated the IIS SSL certificates on the machine hosting 10.4.1 Portal and AGS and the IIS SSL certificates the dev machine hosting 10.5.1 Portal and AGS.  After installing the new IIS certificates the 10.4.1 scene viewer failed to render.  It was working before the certificate update.  I had neglected to import the new SSL certificates to the 10.4.1 Portal's embedded web server (TomCat?) and the embedded web server (TomCat?) for 10.4.1 AGS.  However, once I imported the new certificates Scene Viewer 10.4.1 started working again.  When the 10.4.1 Scene Viewer failure was occurring the Portal log file indicated there was a problem with the SSL connection.

 

I think I have completed the same import of the SSL certificates in the 10.5.1 Portal and AGS embedded web servers but no joy with Scene Viewer.  The 10.5.1 Portal log file is NOT reporting any SSL problems.

 

I am using the latest version of Chrome and so the graphics engine should not be the issue.  And the test of WebGL in Chrome reports success.

 

I have imported the Root and Intermediate certificates used to generate the Web Server certificate.

 

I also have bound the new certificates to  the IIS default web site and ran the Portal Admin Update service that binds the certificate to the embedded web server.

 

The web server certificates include the private key.

 

The 10.4.1 and 10.5.1 Portals and AGS render maps with no problem in the web map viewer and web map applications.

 

So I'm stuck.

I suspect the issue is related to the SSL certificates.

 

Questions:

1) Does it matter if the certificate includes the certificates of the certification path?  I have tried certificates that do not include the certificates of the certification path but no joy.

2) OR, is it required that the Root and Intermediate certificates be separate imports to the embedded Portal web server and that their serial number match the certificates listed in the web server certificate certification path?  I may have this one buggered.  Wasn't sure if it mattered.

 

Any suggestions would be much appreciated.

 

DG

Outcomes