We are operating a deployment of ArcGIS Enterprise on Linux boxes, in AWS.
We have found the management of certs across our enterprise to be a tedious management task, especially when we make infrastructure changes to the environment.
Can ArcGIS Enterprise on Linux operate cert-free in our own private environment? If so, is there any literature for this?
Hi @ReeseFacendini. I work with @JohnSteed1. We don't have an ALB per se, but we have a lot of other machinery which includes Certs and SSL, fronting our ArcGIS environment. By the time we reach our ArcGIS environment, we can safely use HTTP from a security perspective. But we don't know whether this will come back to bite us in other ways, and are seeking guidance on that.
My limited knowledge of this subject suggests that the use of HTTP instead of HTTPS is lightly documented. For example, I believe that we can subtract (443-80) from many port numbers to reference an HTTP port, e.g. 2080 on arcserver instead of 2443.
@JonathanEpstein, starting at Enterprise 10.7, all traffic must go over HTTPS. Downgrading to HTTP will cause issues with all aspects of the system, and lead to very odd errors within the logs (once things stop working). If your Enterprise system is being accessed through a web server that sits in front of everything, and that's where the SSL cert lives, then no, you don't have to worry about dealing with certs on Portal or ArcGIS Server.
Thanks @ReeseFacendini but what you've written is self-contradictory to me.
How can one use HTTPS on the arcgis servers, without managing Certs on those servers?
Are you saying that we could use self-signed Certs on arcgis, rather than our real Certs which reside on our own "web server"?
Our software comes with self-signed certs, in order to get up and running out of the box. Keeping the actual cert at the "web server" tier, and the self-signed certs in place on the different components, you won't need to go in and update the certs every time they expire.