HOW TO

Import an SSL certificate to a highly available environment

Last Published: December 5, 2022

Summary

This article describes the steps to import an SSL certificate to a highly available ArcGIS Enterprise portal.

Procedure

Export the certificate as a PFX from Internet Information Services (IIS)

  1. Log in to the web server machine.
  2. Open IIS.
  3. Click the Server name.
  4. Go to Server Certificates.
  5. Right-click the desired certificate and choose Export.
    1. Configure a password (it can be as simple as 1234).
    2. Browse to a location to export the certificate to, give it a name, and click Open.
    3. Click OK to export.
Graphical user interface, application  Description automatically generated

Import the certificate to the Primary Portal

  1. Log in to the Portal for ArcGIS administrator directory.
  2. Browse to Machines > [machine] > SSLCertificates > Import Existing Server Certificate
    • Note: If the certificate you are importing was issued by a CA, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate. Then proceed with the next steps.
  3. In the Certificate password field, type the password to unlock the file containing the certificate.
  4. In the Alias field, type a unique name that easily identifies the certificate.
  5. Click Browse to choose the (.pfx) file that contains the certificate and its private key.
  6. Click Import to import the certificate.
Text  Description automatically generated

Import the certificate to the standby portal

  • Repeat steps 1 to 6 in the previous section.

Update the standby portal to use the certificate

  1. Browse to Machines > [machine] > SSLCertificates > Import Existing Server Certificate>Update
  2. In the Web server SSL Certificate field, enter the alias of the existing CA-signed certificate.
  3. Click Update, as shown in the image below.
    • Note: This might automatically restart the Portal for ArcGIS site.
Text  Description automatically generated
Graphical user interface  Description automatically generated with medium confidence

Update the primary Portal to use the certificate

  1. Repeat steps 1 to 3 in the previous section.
  2. Stop the Standby Portal service.
  3. Restart the Primary Portal service.
  4. Restart the Standby Portal service.
  5. Import the certificate to the first ArcGIS Server machine:
    1. Log in to the ArcGIS Server administrator directory.
    2. Browse to machines > [machine name] > sslcertificates
      • Note: If the certificate you are importing was issued by a CA, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate. Then proceed with the next steps.
    3. Click importExistingServerCertificate to import the server certificate.
    4. In the Certificate password field, type the password to unlock the file containing the certificate.
    5. In the Alias field, type a unique name that easily identifies the certificate.
    6. Click Browse to choose the (.pfx) file that contains the certificate and its private key.
    7. Click Import to import the certificate.
Graphical user interface, text, application, email  Description automatically generated
Import the certificate to the second ArcGIS Server machine
  • Repeat steps 5a to 5g in the previous section.

Update the first ArcGIS Server machine to use the certificate

  1. Browse to machines > [machine name].
  2. Click Edit, as shown in the next image.
  3. Type the name of the certificate that you want to use in the Web server SSL Certificate field.
  4. Click Save Edits to apply the change.
    • Note: This might automatically restart your ArcGIS Server site.
Graphical user interface, text, application, email  Description automatically generated

Update the second ArcGIS Server machine to use the certificate

  • Repeat steps 1 to 4 in the previous section.

Bind the certificate to the https binding the IIS

  1. Restart the first ArcGIS Server service.
  2. Restart the second ArcGIS Server service.
  3. Bind the certificate to the https binding the IIS:
    1. Log in to the Web Server machine.
    2. Open IIS.
    3. Click the Server name:
    4. Click the default website and choose bindings, as shown in the following image:
      1. Click the https bindings and click Edit.
      2. Under SSL certificate, select the certificate.
      3. Click OK.
      4. Click Close.
Graphical user interface, application  Description automatically generated

Article ID: 000027607

Software:
  • Portal for ArcGIS
  • ArcGIS Server

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options