keyAlias attribute value in server.xml automatically reverts to an invalid state

Description

When an invalid or expired certificate is used in ArcGIS Server, the administrator or manager endpoints through port 6443 become inaccessible. Changing the keyAlias attribute in the server.xml file to reflect the self-signed certificate value allows access to the endpoints. However, once the ArcGIS Server service is started, the server.xml file reverts to the previous keyAlias attribute value, causing the endpoints to be inaccessible.

Cause

This issue occurs due to the read and write permission settings of ArcGIS Server.

Solution or Workaround

1. Stop the ArcGIS Server service.
2. Navigate to the following directory and open server.xml with a text editor:

   C:\Program Files\ArcGIS\Server\framework\runtime\tomcat\conf\server.xml

3. Search for the keyAlias parameter and change the values to SelfSignedCertificate.
4. Save the file.
5. Revoke write permissions of the ArcGIS Server service account to server.xml. For more information, refer to ArcGIS Help: Changing the ArcGIS Server Account.
6. Start the ArcGIS Server service. The endpoints are now accessible.
7. Add the write permissions of the ArcGIS Server service account to server.xml.