Enabling SSL - No access to manager, admin, or rest services anymore

JeffMachamer · ‎04-16-2013

I had a typical ArcGIS Server 10.1 install on my local machine that worked without issues.

Today I went into manager to enable HTTPS so that I could begin testing out security configuration for our application. After enabling HTTPS using a self signed certificate, I am no longer able to access anything in ArcGIS server.

https://machinename:6443/arcgis/admin, https://machinename.domain.com:6443/arcgis/admin (and /arcgis/manager, /arcgis/rest) all return "The connection was reset".

The original :6080 sites redirect to the 6443 sites. Web adapter is not installed.

Looking in:
C:\arcgisserver\logs\machinename\server\ at the latest logfile I find a file full of these entries:
<Msg time="2013-04-16T11:21:46,66" type="WARNING" code="7709" source="Admin" process="1336" thread="1" methodName="" machine="machinename" user="" elapsed="">The Web Server was found to be stopped when it should have been started. Restarting it.</Msg>

I suspect I must have setup the self signed certificate incorrectly and need to redo that step, but I am unable to access manager anymore to do so. Is there anyway to reset the server configuration back to non-ssl manually without access to manager? Or will I be stuck uninstalling and reinstalling? (In hindsight I should have left both http and https access enabled initially until I knew https was working...)

Thanks,

Jeff Machamer
3-GIS

JeffMachamer · ‎04-16-2013

Using netstat I don't see port 6443 as being open. Should I? I still see port 6080 in the list.

ThomasMontefusco · ‎04-16-2013

Yes, open up that port.

Please see:

Ports used by ArcGIS Server

http://resources.arcgis.com/en/help/main/10.1/index.html#//015400000537000000

JeffMachamer · ‎04-16-2013

Yes, open up that port.

Please see:

Ports used by ArcGIS Server

http://resources.arcgis.com/en/help/main/10.1/index.html#//015400000537000000

I think you misunderstood my problem. The problem I'm having is on my local machine. I've got the firewall turned off. Besides, I believe netstat would still pick up the local port even if there was a firewall running.

ThomasMontefusco · ‎04-17-2013

Thanks. Are you using a self-signed certificate?

If so, see the following:

Enabling SSL using the default self-signed certificate
http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_the_default_self_signed...

Create a new self-signed certificate
http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_a_self_signed_certifica...

If importing:

Here are the steps you will take to import a new certificate: - http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_a_new_CA_signed_certifi...

If you are not importing a certificate then make sure your using these steps: - http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_the_default_self_signed...

ArcGIS Server, can be, shall we say "delicate" when it comes to SSL and certificates.

There are also some bugs which may apply:

[#NIM086807 Cannot login to ArcGIS Server Manager using Active Directory user accounts when the Active Directory is configured to require SSL or client signing for all requests. ]

http://support.esri.com/en/bugs/nimbus/TklNMDg2ODA3

[#NIM083801 When configuring external identity stores, support secure HTTPS connections to LDAP and Active Directory. ]

http://support.esri.com/en/bugs/nimbus/TklNMDgzODAx

JeffMachamer · ‎04-17-2013

Thanks for the info Tmontefusco but I think you are still misunderstanding my question.

Yes, I am using self signed certificates, however I'm not concerned with the process of getting it all setup. My question was in regards to the fact that ArcGIS Server got put into a state where I was unable to access any of the management tools (which all of your links require). I was hoping for instructions on how to recover from the problem, NOT turn on security. The information I provided concerning security was simply to provide background into what caused the problem.

I managed to fix my own problem by reinstalling ArcGIS Server. However, even after re-installing ArcGIS server the first time, the problem persisted until I removed the arcgisserver directory (containing config-store, directories, logs) and then re-installed again.

My assumption is that I probably could have removed the arcgisserver directory and triggered a re-initialization somehow, but deleting the directory and re-installing does work.

BubbaHey · ‎04-17-2013

Well, you stated "After enabling HTTPS using a self signed certificate, I am no longer able to access anything in ArcGIS server."

So, I can see how Tom was concentrating on the SSL part of the picture, along with possible ports being blocked. Yes, many times I have had to uninstall/reinstall and renaming or deleting the arcgisserver folder helped.

divyamgulati1 · ‎04-17-2013

There is one possible solution for this situation .. In the config store under the security folder, you have to make changes in the json file. Stop the Arcgis server service from the windows services panel and set the ssl enabled= false in this json configuration file..

BubbaHey · ‎04-19-2013

Great idea, divyam. I'm pretty lazy, if my basic troubleshooting doesn't work, I just uninstall/reinstall. Now if that doesn't work, then I have to dig in to find the issue.

StephanieSnider · ‎08-26-2013

For future reference, if you ever mess up your self-signed certificate in ArcGIS Server 10.1 and up, here's how to set it back to the default setting:
�?��?�IF CA certificate fails

The certificates live here .....\arcgisserver\config-store\machines\servername

Open the server.xml and scroll down to the bottom.

On the last line of code, you will see a keyAlias =�?�name of the certificate�?�. Since this one isn�??t working, change the alias back the original ESRI selfsigned certificate (SelfSignedCertificate).

The code should look like this:

Stop and start the ArcGIS Server service.