Understanding ArcGIS Enterprise and SSL

GEO Jobe has worked with many ArcGIS Enterprise deployments. Either installing or giving a helping hand. The latter usually involves a client that attempted to install ArcGIS Enterprise themselves. Which is great!  

Image: Esri Software Security and Privacy Team

However, when we get the call for assistance and begin troubleshooting their installation, it almost always comes down to their Secure Socket Language certificate or SSL cert for short.  I’m not going to dive into the specifics of SSL and https, but you can get the details here.

Usually it’s because the client only did the base installation and used the built in SelfSigned SSL certs that come with software. Those are only good for testing. They are not meant for any Production environment, or even a Pre-Production environment.  

I cannot stress enough the importance of having a CA signed SSL cert from a reputable source such as DigiCert, or GoDaddy. If your organization does their own cert signing (domain certificate) that will work too. Although there’s a few more steps when establishing the chain from Root → Intermediate → Cert. Esri has great documentation on how to configure SSL (and no that is not an optional step).  

Also, don’t blame Esri. This is the way internet security is trending.  Browsers are increasingly forcing https for web traffic. They will block certain calls happening over http or if it detects an issue with an SSL cert. That is the reason why when you do not have a proper CA signed or Domain SSL cert configured your ArcGIS Enterprise installation does not work properly. You get all sorts of odd behavior. There are several free SSL checkers out there. I’ve provided a link to DigiCerts checker below.

SSL and https are good things. They help to keep the traffic, your data, secure while traveling over the internet. Save yourself the headache later on and have your SSL certs lined up before you start configuring your base deployment.  

 

How does an SSL certificate work?
How does an SSL certificate work? (Credit: Symantec)

Useful Weblinks:

Read more useful articles from Nick HERE

Nick Lawalin

Solutions Engineer

Nick Lawalin is a Solution Engineer for GEO Jobe. Follow him on twitter: @nicklawalin