Summary
This article describes the detailed steps and suggested references for an ArcGIS Enterprise base deployment. The resulting environment is a federated ArcGIS Enterprise system with public availability.
Notes:
- The certificate referenced in this article can be a Wildcard or CA-Signed certificate. If a domain certificate is going to be used, you can skip exporting/importing the root certificate. However, the domain certificate is NOT going to allow the environment to be publicly accessible.
- When choosing an alias to the certificate while importing it to ArcGIS Enterprise, make sure to use one word with NO special characters, as having spaces or special characters in the certificate alias could break Portal/Server.
- Importing the Root or intermediate certificate automatically restarts Portal for ArcGIS and ArcGIS Server.
- Updating Portal for ArcGIS and ArcGIS Server to use the new certificate automatically restarts the application.
- Updating the Portal and Server properties (Setting up the WebContext URL) automatically restarts the application.
Procedure
Read the notes in the previous section carefully before implementing these steps:
- Install the products:
- Install Portal for ArcGIS
- Install ArcGIS Web Adaptor for Portal
- Install ArcGIS Server
- Install ArcGIS Web Adaptor for Server
- Install ArcGIS Data Store
- Configure the environment:
- Create the Portal for ArcGIS site
- Create the ArcGIS Server site
- Configure ArcGIS Server and Portal for ArcGIS with the ArcGIS Web Adaptor
- Register ArcGIS Data Store with ArcGIS Server
- Import the SSL certificate to Portal for ArcGIS and ArcGIS Server and update Portal and Server to use it:
- Export the (Wild card or CA-signed) certificate from the IIS:
- Log in to the Web Server machine.
- Open Internet Information Services.
- Click on the Server name.
- Go to Server certificates.
- Right-click the desired certificate and choose Export.
- Configure a password (it can be as simple as 1234).
- Browse to a location to export the certificate to, give it a name, then click Open.
- Click OK to export.
- Open the certificate again by clicking View.
- Go to the certification path tap.
- Choose the root certificate and click View certificate.
- Click (details) on the new certificate window, then choose: Copy to file.
- Follow the wizard to export the certificate as a .cer file.
- Import the certificate to Portal.
- Log in to the Portal for ArcGIS administrator directory.
- Browse to Security > SSLCertificates > Import Root or intermediate certificate:
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.cer) file.
- Click Import to import the certificate.
- Browse to Security > SSLCertificates > Import Existing Server Certificate.
- In the Certificate password field, type the password to unlock the file containing the certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.pfx) file that contains the certificate and its private key.
- Click Import to import the certificate.
- Update the Portal to use the certificate:
- Browse to Security > SSLCertificates > Import Existing Server Certificate>Update
- In the Web server SSL Certificate field, enter the alias of the existing CA-signed (.pfx) certificate.
- Click Update.
- Note: This might automatically restart your Portal for ArcGIS site.
- Import the certificate to ArcGIS Server:
- Log in to the ArcGIS Server administrator directory.
- Browse to machines > [machine name] > sslcertificates.
- Click importRootorIntermediateCertificate to import the server certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.cer) file.
- Browse to machines > [machine name] > sslcertificates > importExistingServerCertificate to import the server certificate:
- In the Certificate password field, type the password to unlock the file containing the certificate.
- In the Alias field, type a unique name that easily identifies the certificate.
- Click Browse to choose the (.pfx) file that contains the certificate and its private key.
- Click Import to import the certificate.
- Update the first ArcGIS Server machine to use the certificate:
- Browse to machines > [machine name].
- Click Edit.
- Type the name of the certificate that you want to use in the Web server SSL Certificate field.
- Click Save Edits to apply your change.
- Note: This might automatically restart your ArcGIS Server site.
- Bind the certificate to the https binding in IIS:
- Log in to the Web Server machine.
- Open the Internet Information Services.
- Click on the Server name:
- Click on the default website and choose bindings:
- Click on the https bindings and choose: Edit.
- Under SSL certificate, select the certificate and click OK.
- Click Close.
- Configure Portal and Server with the WebContext URL:
- Log in to the Portal for ArcGIS administrator directory.
- Browse to System > Properties > Update:
- Click Update.
- Log in to the ArcGIS Server administrator directory.
- Browse to System > Properties > Update:
- Click Update.
- Federate Portal for ArcGIS with ArcGIS Server