Community

The Layer, <layer_name>, cannot be added to the map" Certificate issue? but then... "Importing CA certificate failed"(10.4.3 Server on Linux)

301
1
10-06-2019 02:48 PM
howardfoster
by
New Contributor
‎10-06-2019 02:48 PM

The Layer, <layer_name>, cannot be added to the map” / Certificate issue? / “Importing CA certificate failed”

I’m getting a “The Layer, <layer_name>, cannot be added to the map” error message for a layer served from my ArcGIS Server when accessed from an arcgis.com map.   Certificate problem?  I’ve purchased a C.A. for use in Apache2 (Ubuntu machine) and it works fine and I’ve attempted to install the C.A. via the importRootOrIntermediate procedure via https://<site>:6443/arcgis/admin.  However, I get the un-helpful error message “Importing CA certificate failed.” (!?).  One possibility is that I received my certificate in “p7b” format and not the required the ‘.pfx” format, and thus I converted it via the following procedure:

openssl pkcs7 -print_certs -in my_certificate.p7b -out my_certificate.cer

openssl pkcs12 -export -in my_certificate.cer -inkey mykey.key -out my_certificate.pfx -certfile CA.cer

## Note: CA.cer converted from CA.crt using a Microsoft procedure.

 

But no-go.  Any advice welcome.

-Howard

0 Kudos
1 Reply
howardfoster
by
New Contributor
‎10-07-2019 01:55 PM

Fixed this. This was definitely a certificate issue.  importRootOrIntermediate is not the right procedure.  Instead, it's importExistingServerCertificates

  • Buy/get a recognized CA.  Convert to a pfx format if necessary (in Linux, follow instructions above).
  • https:<yoursite>:6443/arcgis/admin/  then go to... >>Home/machines/<machine_name>/sslcertificates/importExistingServerlCertificate
  • Know where your CA is located, have an alias name ready (critical! this is how this certificate will be referred to in subsequent operations) and fill out the form.  If successful, your alias named certificate will show up in machines/<machine_name>/sslcertificates
  • Then, still in the admin endpoint, back up to <machine_name>, press the "edit" selection, fill in "Web server SSL certificate" with the ALIAS name, "Submit" and the server will now restart -- takes maybe 2-3 minutes.  If you have led a clean life everything will now work.
0 Kudos