Summary
This article describes the steps to import an SSL certificate to a highly available ArcGIS Enterprise portal.
Procedure
Export the certificate as a PFX from Internet Information Services (IIS)
- Log in to the web server machine.
- Open IIS.
- Click the Server name.
- Go to Server Certificates.
- Right-click the desired certificate and choose Export.
- Configure a password (it can be as simple as 1234).
- Browse to a location to export the certificate to, give it a name, and click Open.
- Click OK to export.
Import the certificate to the Primary Portal
- Log in to the Portal for ArcGIS administrator directory.
- Browse to Machines > [machine] > SSLCertificates > Import Existing Server Certificate
- Note: If the certificate you are importing was issued by a CA, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate. Then proceed with the next steps.
- In the Certificate password field, type the password to unlock the file containing the certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.pfx) file that contains the certificate and its private key.
- Click Import to import the certificate.
Import the certificate to the standby portal
- Repeat steps 1 to 6 in the previous section.
Update the standby portal to use the certificate
- Browse to Machines > [machine] > SSLCertificates > Import Existing Server Certificate>Update
- In the Web server SSL Certificate field, enter the alias of the existing CA-signed certificate.
- Click Update, as shown in the image below.
- Note: This might automatically restart the Portal for ArcGIS site.
Update the primary Portal to use the certificate
- Repeat steps 1 to 3 in the previous section.
- Stop the Standby Portal service.
- Restart the Primary Portal service.
- Restart the Standby Portal service.
- Import the certificate to the first ArcGIS Server machine:
- Log in to the ArcGIS Server administrator directory.
- Browse to machines > [machine name] > sslcertificates
- Note: If the certificate you are importing was issued by a CA, you must first import the CA's root or intermediate certificate. Click importRootOrIntermediate to import the CA's root or intermediate certificate. Then proceed with the next steps.
- Click importExistingServerCertificate to import the server certificate.
- In the Certificate password field, type the password to unlock the file containing the certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.pfx) file that contains the certificate and its private key.
- Click Import to import the certificate.
Import the certificate to the second ArcGIS Server machine
- Repeat steps 5a to 5g in the previous section.
Update the first ArcGIS Server machine to use the certificate
- Browse to machines > [machine name].
- Click Edit, as shown in the next image.
- Type the name of the certificate that you want to use in the Web server SSL Certificate field.
- Click Save Edits to apply the change.
- Note: This might automatically restart your ArcGIS Server site.
Update the second ArcGIS Server machine to use the certificate
- Repeat steps 1 to 4 in the previous section.
Bind the certificate to the https binding the IIS
- Restart the first ArcGIS Server service.
- Restart the second ArcGIS Server service.
- Bind the certificate to the https binding the IIS:
- Log in to the Web Server machine.
- Open IIS.
- Click the Server name:
- Click the default website and choose bindings, as shown in the following image:
- Click the https bindings and click Edit.
- Under SSL certificate, select the certificate.
- Click OK.
- Click Close.