English

Problem: Certificate error is returned when publishing to Portal for ArcGIS from ArcGIS for Server

Description

When publishing to Portal for ArcGIS from ArcGIS for Server, the following error is returned in the ArcGIS for Server logs:

"The certificate authority is invalid or incorrect WinINet ERROR_INTERNET_INVALID_CA, 12045), URL = http://www.arcgis.com/home/"

Note:
The URL 'http://www.arcgis.com/home/' represents an example of a site without the appropriate certificate. The URL differs for each user and scenario.


[O-Image]

Cause

The following are possible causes for this error.

• The Secure Socket Layer (SSL) certificate is issued by an unknown or unauthorized Certificate Authority (CA).
• GIS-tier authentication tokens from ArcGIS for Server are expiring.
• The self-signed certificate is causing errors with the HTTPS configuration between sites.
• Restarting the physical machine, which hosts a federated Portal for ArcGIS and ArcGIS for Server configuration.

Solution or Workaround

Follow the workarounds provided to address the issue.

• Install the missing SSL certificate to the CA to repair the broken chain. To determine the internal certificate used in ArcGIS for Server, follow the steps provided:

a. Log in to the ArcGIS Server Administrator directory. The following is an example of the ArcGIS Server Administrator Directory URL:

 http://gisserver.domain.com:6080/arcgis/admin

b. Click 'machines'. Under Machines, click the appropriate machine hosting the certificates.

c. Identify the Web Server SSL certificate, and click 'sslcertificates'.
[O-Image]
d. Click the certificate, which is set as the Web server SSL Certificate. Click 'export' and save the file.
[O-Image]
e. Import the certificate into the Portal for ArcGIS keystore. The following document explains this in detail: ArcGIS for Server: Configuring the portal to trust certificates from your certifying authority.

Note:
Visit the following website to verify and diagnose SSL certificates to confirm correct installation, validity, and trust: sslshopper.


• Modify the lifespan of the token and increase the timeout period. Refer to the following document for a detailed description:
ArcGIS for Server: Specify the default token expiration time.

• The following workaround is for errors appearing in a federated Portal for ArcGIS and ArcGIS for Server environment:

a. Navigate to Windows Start, and in the 'Search program and files' search bar type 'Services'. Click the Services icon.
[O-Image]


b. In the Services console, restart both the ArcGIS for Server and Portal for ArcGIS services.
[O-Image]
c. Unfederate ArcGIS for Server and Portal for ArcGIS. The following document describes in detail how to unfederate ArcGIS for Server from Portal for ArcGIS: ArcGIS for Server: Removing an ArcGIS Server site from your portal.

d. Restart the ArcGIS for Server and Portal for ArcGIS services.

e. Federate ArcGIS for Server with Portal for ArcGIS. The following document describes in detail how to federate ArcGIS for Server with Portal for ArcGIS, ArcGIS for Server: Federate an ArcGIS Server site with your portal.

f. Restart the ArcGIS for Server and Portal for ArcGIS services.

Note:
Step g and Step h can be skipped if a hosting server is not needed.

g. Add a hosting server. The following document describes in detail how to configure a hosting server: ArcGIS for Server: Configure a hosting server.

h. Restart the ArcGIS for Server and Portal for ArcGIS services.

• Reinstall Portal for ArcGIS. Follow the instructions in the installation guide to set up Portal for ArcGIS: ArcGIS for Server: Welcome to the Portal for ArcGIS (Windows) installation guide.

Related Information