Problem: Unable to create collaboration between ArcGIS Enterprise portals
In Portal for ArcGIS, when attempting to create a collaboration from 'portal A' to 'portal B', the requested invitation is sent to portal B. However, during the procedure, the connection fails with the following error:
Error: SSL Certificate Error Failed to validate SSL certificate for https://<machine.domain.com>/portal. The certificate authority that issued the SSL certificate needs to be trusted by Portal before the invitation can be accepted. See Configuring the portal to trust certificates for more information.
This issue is caused by an untrusted certificate authority between portal A and portal B. Both portals must be configured before the invitation response can be accepted. For instance, it is possible to create a collaboration with a self-signed certificate as the prerequisite requires all portals in the collaboration to trust the certifying authority. For more information, refer to Prerequisites to creating a collaboration.
Solution or Workaround
In the case of Portal for ArcGIS using self-signed certificates, follow the steps provided below.
- Export the self-signed certificate from IIS for portal A. For more information, refer to the following Windows Server help page, Export a Server Certificate (IIS 7).
- Import the certificate to portal B. For more information, refer to Import the root CA certificate.
- Repeat the same process to export the certificate from portal B and import it to portal A.
In the case of Portal for ArcGIS using certificate authority (CA), refer to Configuring the portal to trust certificates from your certifying authority.
Note: After the update is completed, importing certificates causes Portal for ArcGIS to restart. In some scenarios, this operation may trigger a failover for a highly available portal.