Error Message
After an ArcGIS Server SSL CA-signed certificate is revoked and reissued, attempting to access the ArcGIS Server site returns the following error in the web browser:
Error:
ERROR_INTERNET_SEC_CERT_REVOKED
Cause
The reissued SSL CA-signed certificate is not updated in the ArcGIS Server Administrator Directory. This corrupts the ArcGIS Server site, as the site continues to read the old certificate in the server.xml file.
Solution or Workaround
Revert to a self-signed certificate in the ArcGIS Server machine to re-establish access to the ArcGIS Server site. When access is re-established, update the ArcGIS Server Administrator Directory with the new SSL certificate.
- Log in to the ArcGIS Server machine with an administrative account, and stop the ArcGIS Server service.
- Navigate to the following directory, and create a backup of the server.xml file.
<ArcGIS Server installation directory>\Server\framework\runtime\tomcat\conf
- Open the server.xml file with a text editor software. Update the 'keyAlias' parameter to selfsignedcertificate, and save the file.
- Navigate to the following directory, and create a backup of the <machine_name>.json file.
C:\arcgisserver\config-store\machines
- Open the <machine_name>.json file with a text editor software. Update the 'webServerCertificateAlias' parameter to selfsignedcertificate, and save the file.
- Start the ArcGIS Server service. The ArcGIS Server site is now accessible.
- Log in to the ArcGIS Server Administrator Directory with an administrative account.
- Import the new SSL certificate into ArcGIS Server. For steps, refer to ArcGIS Server: Import the certificate into ArcGIS Server.
- Configure ArcGIS Server to use the newly imported certificate. For steps, refer to ArcGIS Server: Configure ArcGIS Server to use the certificate.