Problem

Problem: ArcGIS resources are inaccessible through HTTPS when the Web Adaptor is deployed on WebSphere.

Last Published: July 20, 2023

Description

In ArcGIS 10.6.1, resources are inaccessible through HTTPS when the Web Adaptor is deployed on WebSphere. This can manifest itself in the following ways:

  • When configuring ArcGIS Server with the Java Web Adaptor, the user interface displays the following error message:
Error:
Unable to register the ArcGIS Server with the Web Adaptor. Please make sure that the server machine is running and that the account specified has administrative privileges to the site.
  • When configuring Portal for ArcGIS with the Java Web Adaptor, the user interface displays the following error message:
Error:
Unable to configure Portal with the Web Adaptor. Please make sure that the Portal machine is running and that the account specified has administrative privileges to the Portal.
  • The WebSphere application server logs contain the following error:
Error:
Unable to get token for user <username>, Error in admin request for get machines Received fatal alert: handshake_failure.

Cause

Starting at ArcGIS 10.6.1, the TLSv1 protocol is disabled by default for both Portal for ArcGIS and ArcGIS Server for Payment Card Industry (PCI) compliance. By default, WebSphere uses SSL_TLS as the SSL handshake protocol, which enables SSLv3 and TLSv1. The two sides therefore share no protocol version, and HTTPS connections from the Web Adaptor to ArcGIS Server and Portal for ArcGIS are terminated during the handshake.

Note:
Starting with ArcGIS Web Adaptor for Java 10.3, SSLv3 is no longer supported to prevent the POODLE vulnerability.

Solution or Workaround

To use HTTPS with the ArcGIS Web Adaptor on WebSphere, update the WebSphere configuration to use SSL_TLSv2 as the SSL handshake protocol, which enables SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

Follow the instructions below.

  1. Log in to the WebSphere Application Server Integrated Solutions Console.
  2. Click Security > SSL certificate and key management, and under Related Items, click SSL configurations.
  3. Click NodeDefaultSSLSettings (default).
  4. Under Additional Properties, click Quality of protection (QoP) settings. QoP settings define the strength of the SSL encryption, the integrity of the signer, and the authenticity of the certificate.
  5. For the SSL handshake protocol, select SSL_TLSv2.
  6. Click OK and save directly to the main configuration.

In addition, the WebSphere Java Virtual Machine must be updated to start with SSL protocol TLSv1.1 and TLSv1.2. For this, follow the steps below.
 
In the WebSphere Administrative console:

  1. Click Servers > Server Types > WebSphere application servers, and click server1 to open it.
  2. Under Server Infrastructure, click Java and Process Management > Process definition.
  3. Under Additional Properties, click Java Virtual Machine.
  4. In the Generic JVM arguments text box, enter -Dhttps.protocols=TLSv1.1,TLSv1.2
  5. Click Apply, OK, and save directly to the main configuration.
  6. Restart the application server.
Note: 
The above solution is for Java Web Adaptor working with WebSphere 9. Review the WebSphere documentation for further details on security configuration for the organization level requirements.
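
To confirm the diagnosis before and after the change, the following added example (not Esri or IBM code) probes which TLS versions an ArcGIS Server or Portal endpoint accepts and compares them with the -Dhttps.protocols value from the Generic JVM arguments. The host name and port 6443 are assumptions; substitute your own.

```python
import re
import socket
import ssl

# Java protocol names used on this page, mapped to Python's ssl constants.
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def client_protocols(jvm_args):
    """Protocols named by -Dhttps.protocols in the Generic JVM arguments."""
    m = re.search(r"-Dhttps\.protocols=(\S+)", jvm_args)
    return [p for p in m.group(1).split(",") if p] if m else []

def server_accepts(host, port, name, timeout=5.0):
    """True if the server negotiates a handshake pinned to one version."""
    try:
        ctx = ssl.create_default_context()
        ctx.minimum_version = VERSIONS[name]
        ctx.maximum_version = VERSIONS[name]
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return True   # version was agreed; only certificate trust failed
    except (OSError, ValueError):
        # Refused connection, handshake_failure alert, or a version that the
        # local OpenSSL build or policy does not allow (possible for TLSv1).
        return False

def probe(host, port):
    """Set of protocol names the server accepted."""
    return {n for n in VERSIONS if server_accepts(host, port, n)}

def diagnose(jvm_args, accepted):
    """Protocols both sides share; an empty list predicts handshake_failure."""
    return [p for p in client_protocols(jvm_args) if p in accepted]

if __name__ == "__main__":
    # Constructed values: hypothetical host, assumed HTTPS port 6443.
    accepted = probe("gisserver.example.com", 6443)
    print("server accepts:", sorted(accepted))
    print("shared:", diagnose("-Xmx1g -Dhttps.protocols=TLSv1.1,TLSv1.2", accepted))
```

Run it from a machine whose OpenSSL still permits TLSv1 and TLSv1.1 if you need a reliable negative result for those versions.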

Article ID: 000018535
