ejuarbe

CA Certificate troubleshooting

Discussion created by ejuarbe on Oct 30, 2013
Latest reply on Dec 6, 2013 by crafty762
Hi-

I've gone through every resource I can find, but still am having a problem installing a CA signed SSL Certificate. 

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_the_default_self_signed_certificate/0154000005wq000000/

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_using_a_new_CA_signed_certificate/0154000005wr000000/

http://resources.arcgis.com/en/help/server-admin-api/index.html?certificate.html

If there is anyone that has installed their correctly with the (below) describe architecture, please let me know what steps you took...  I've been through ESRI's support, but so far not able to get the SSL working...  Thought I'd take a crack on this forum.

Environment:
ArcGIS Server 10.1 SP1 on Windows DataCenter 2008 R2
Single server on DMZ-no reverse proxy or web adaptor
CA signed by GoDaddy using the admin API to generate the cert from the self-signed cert...

Long story short, our IT department initially installed the certificate through IIS 7.0 (as detailed by GoDaddy).  We quickly found the https side in ArcGIS admin failed.  After this, we removed the certificate, set up the self-signed certificate (worked on both http/https sides), created the CSR, imported the signed certificate (there was some confusion with which certificate to import one was a *bundle* named file, the other a file with numeric name).  In the end we tried one, then the other, then installed both.  All trials ended with the http side working, but https not-had to revert to the self-signed certificate.

At this point I'm a bit frustrated (but not done with trying) with why this isn't working...  Could the certificate be either locked or dependencies removed in installling the cert in IIS and removing it, something may either be still installed or unintentionally removed during this process...  Also, I came across some help info for the GeoEvent Processor and manually adding a KeyPair (didn't find anything else with this), and wondered if anyone had to add the KeyPair manually, or if there was a way to verify the KeyPair existence on the server for 10.1?  My most recent attempt to get ESRI support was them acknowledging a bug with importing CA certificates, am still waiting to get them to respone further, since there seems to be numerouse successful installations as observed through these forums.

Any info, thoughts, comments, or other resources would be greatly appreciated.

Ed

Outcomes