Community

ArcGIS Data Store - Import Root or Intermediate Certificate

662
5
09-26-2023 07:53 AM
Ranga_Tolapi
by
Occasional Contributor III
‎09-26-2023 07:53 AM

How to import Import Root or Intermediate certificate in to ArcGIS Data Store (version 10.9.1)? Can use updatesslcertificate.bat utility for this purpose?

Something similar to ArcGIS Server, refer to below screenshot.

Ranga_Tolapi_0-1695739835960.png

0 Kudos
5 Replies
AyanPalit
by Esri Regular Contributor
Esri Regular Contributor
‎09-26-2023 08:35 AM

@Ranga_Tolapi You can use updatesslcertificate command utility

Reference: ArcGIS Data Store utility reference

 

Ayan Palit | Principal Consultant Esri
0 Kudos
Ranga_Tolapi
by
Occasional Contributor III
‎09-26-2023 05:03 PM

@AyanPalit not found anything about Root or Intermediate certificate in the updatesslcertificate documentation.

0 Kudos
MiguelParedes
by Esri Contributor
Esri Contributor
‎09-27-2023 12:54 AM

Greetings @Ranga_Tolapi 

As far as I know, the Data Store does not require the Root and/or Intermediate certs. Only what is referred to as the "server" certificate (.pfx or .p12)  I would assume because it is always accessed through port 2443 by the ArcGIS Server only, and never directly.  It would be great if someone would corroborate whether my assumption is correct.  

I found this excellent article from our friends at Esri Australia that you may find of help: SSL Certificates in ArcGIS Enterprise components. It is very complete, but it does lack an explanation about why the DS does not require the Root and Intermediate SSL Certs.

Hope the above helps.

Miguel
AhmadIssa78
by
New Contributor
‎09-28-2023 02:47 AM

In ArcGIS Datastore machine(s) you need to run the command  updatesslcertificate, after you install the certificate on the ArcGIS Server machine(s). no need for any ( Root or Intermediate) crt or p12  certificates installtion on the datastore

MarcGraham2
by
Occasional Contributor III
‎10-11-2023 02:08 PM

We use the keystore explorer tool to import root and intermediate certificates.  You can find the datastore user and password using the listadminusers tool https://enterprise.arcgis.com/en/data-store/latest/install/windows/data-store-utility-reference.htm#... 

this is definitely required if you are updating your arcgis servers with a domain CA certificate and you want to establish a full cert chain.

This is poorly documented and supported by esri. it should have a similar admin interface to the rest of the stack.

0 Kudos