Skip To Content

Configuring the portal to trust certificates from your certifying authority

Portal for ArcGIS makes HTTPS requests to ArcGIS Server in a number of situations. When the portal needs to make an HTTPS connection to ArcGIS Server, it checks to see if the certificate returned by the server is trusted. If it's not trusted, the connection will fail.

By default, Portal for ArcGIS trusts some well known certifying authorities (CAs) such as Verisign and Thawte. However, it may not trust a CA that is less well known or is specific to your organization. For example, many organizations have root CAs that don't actually sign web server certificates, rather, they only certify intermediate CAs. These intermediate CAs are often the ones that sign your web server's certificate. If your certificate is signed by an intermediate CA, you need to import the root certificate first, then the intermediate certificate, as described below.

  1. Obtain the certificates you want to import. In many cases, these certificates may already be loaded into your organization's browsers and can be exported from the browser.
  2. Sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is in the format https://webadaptorhost.domain.com/webadaptorname/portaladmin.
  3. If you are configuring highly available portal machines to trust certificates, you must log in through port 7443 using the URL in the format https://portalhost.domain.com:7443/arcgis/portaladmin. Note that since importing certificates will cause the portal to restart, this operation may trigger a failover for your highly available portal.
  4. Import the root and intermediate certificates:
    1. Click Security > SSLCertificates > Import Root or Intermediate Certificate.
    2. Browse to the location of the root certificate provided by the CA and click Import.
    3. Browse to the location of the intermediate certificate and click Import.
    4. Repeat these substeps for additional root and intermediate certificates.