Enabling HTTPS programmatically

RichardWatson · ‎12-12-2012

I installed Server 10.1 SP1 (with security patch) on a new Windows Server 2012 server. My code checks the security configuration of ArcGIS Server and then changes it via a POST to http://localhost:6080/arcgis/admin/security/config/update with:

securityEnabled : true
httpEnabled : true
sslEnabled : true

That succeeds. The next thing I do is to try to POST to https://localhost:6443/arcgis/admin/security/config/updateIdentityStore but recieve the error:

System.Net.WebException: Unable to connect to the remote server
System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:6443
at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)

It seems like there is some type of delay here before SSL is actually enabled. After the error is recieved, SSL is enabled and it works fine. I think that the problem relates to timing. Suggestions?

nicogis · ‎12-12-2012

Peraphs the origin delay: applying changes to the Protocol parameter will automatically re-start your ArcGIS Server site.

RichardWatson · ‎12-12-2012

I think that that is probably true.

The thing that I am wondering is how to accomodate this?

The obvious things to do are to add a sleep statement and/or a retry.

I really hate programming this way.

nicogis · ‎12-12-2012

but before call the second POST do you dispose the sockets?

RichardWatson · ‎12-13-2012

I think that I understand what is going on here.

When you enable SSL, the server recycles itself. When, and if, the calls returns from enabling SSL; I followup by making another call. Subsequent calls will continue to fail until the server is functional again. I simply put this in a loop and try a certain number of times before giving up.

There are 2 obtuse problems here.

The first problem is that I believe there is a bug in ArcGIS Sever where it recycles before it returns a response from the call which enables SSL. In my case I have a single machine (i.e. localhost). You can easily see this by using the ArcGIS Server Administrator Directory and performing an update on security to enable HTTP and HTTPS. Try turning it on and off (HTTP only) several times. What you will see is that sometimes the browser hangs when enabling HTTPS.

The underlying code for this is in the SSLManager class. See enableSSLLocal and restartServersLocal in package com.esri.arcgis.discovery.admin which is in arcgis-admin.jar.

When I do this in code then my code hangs waiting for a response. The only workaround I see is to try to add timeout logic in my call to enable security.

The other problem, which is not an ArcGIS Server bug, is that the token I generated previously becomes invalid because the client ID changes when I subsequently use SSL. So, what I do is to generate a new token after enabling SSL.