ERROR

ArcGIS Enterprise: Invalid SSL Certificates found. PKIX path validation failed

Last Published: December 18, 2024

Error Message

Attempts to access or publish services in a federated ArcGIS Enterprise environment fail and return the following error:

Error:
Invalid SSL Certificate Found. PKIX path validation failed: java.security.cert.CertPathValidatorException. Validity check failed.

Cause

  • ArcGIS Server and Portal for ArcGIS are federated with ArcGIS Web Adaptor using an expired certificate. This occurs in highly available setups where specific components are overlooked during certificate updates.
  • New certificates are configured in ArcGIS Server and Portal for ArcGIS, but Internet Information Service (IIS) bindings are not updated to use the new certificate.

Solution or Workaround

Renew the certificates

  1. Generate a new self-signed certificate or request a renewal of the CA-signed certificate from the issuing certificate authority (CA) for the web server hosting ArcGIS Web Adaptor. Ensure the renewed certificate includes all relevant fully qualified domain names (FQDNs) or domain name services (DNSs) for all participating machines in the highly available setup. Refer to ArcGIS Enterprise: Create a new self-signed certificate for instructions.
  2. Import and configure the certificate in .pfx format on the portal and server endpoints. Refer to Portal for ArcGIS: Import a certificate into the portal and ArcGIS Server: Configure ArcGIS Server with an existing CA-signed certificate for instructions.
  3. Import and update the certificate into the IIS Manager. Refer to ArcGIS Enterprise: Create or obtain a server certificate for instructions and more information. For federated setups, enable HTTPS on ArcGIS Server when accessed through the Web Adaptor. Refer to ArcGIS Enterprise: Configure a CA-signed certificate for ArcGIS Server when accessed through ArcGIS Web Adaptor for instructions.

Update IIS bindings for the new certificate

Update the IIS bindings on the machine hosting the portal or server to apply the newly imported SSL certificate to the HTTPS binding for port 443. After applying the certificate, verify the binding has been updated and is functioning properly. Refer to ArcGIS Enterprise: Create or obtain a server certificate for instructions.

Article ID: 000034232

Software:
  • Portal for ArcGIS
  • ArcGIS Server
  • ArcGIS Enterprise 11 3
  • ArcGIS Enterprise 11 2
  • ArcGIS Enterprise 11 4
  • ArcGIS Web Adaptor

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options