Overview:
Adding a self-signed certificate to a computer’s “Trusted Root Certification Authorities” store will cause that computer to trust the SSL certificate, and will let you browse to an SSL secured web page without displaying a security warning. You may need to do this if you are connecting Geocortex Essentials or Analytics to a map server or web server secured with a self-signed SSL certificate.
The method below will tell the computer or server you use to trust the certificate of the server you are navigating to. This will allow Essentials or Analytics to connect to the URL as though it was using a properly trusted certificate.
Please note that while this method should work in most cases, we have seen some issues, notably around connecting to a service with a self signed certificate through a proxy server. In the event you are using a proxy server between Essentials, and your ArcGIS server, we recommend using a valid certificate from a trusted certificate authority.
Solution:
- Navigate to the webpage of the SSL secured website that you want to import the certificate for, on the server or workstation that you want to trust the certificate.
- Note that you are getting a certificate error in the address bar:
- Click on the error, and select “View Certificate”:
- Click on the “Install Certificate” button:
- The Certificate Import Wizard will start. Select Local Machine, and click next:
- Select “Place all certificates in the following store” and click Browse:
- Select the “Trusted Root Certification Authorities” folder:
- Click OK
- Click Next
- Confirm your import settings, which should look like the following screenshot:
- You will see a popup box confirming the import was successful:
- Close and re-open your browser. Note that the site is now trusted:
- Attempt to re-add your Map service to Essentials, or Insight, and it should now complete successfully.
Troubleshooting
If you are still seeing an SSL warning after importing, you can try the following:
1) Check the SSL Thumbprint
- Click on the error, and select “View Certificate”:
- Click on the Details tab, and scroll down to the Thumbprint section. Note the Thumbprint of the certificate that you are seeing in IE:
- Open your start menu, and type in Certificate. Open the Certificate Manager (note, this may look a little different on older versions of Windows)
- Expand Trusted Root Certification Authorities, and look in the Certificates folder
- Double click the certificate for your server
- As in Step 2, go to the details tab, and look at the thumbprint. It should match the thumbprint in the browser. If it doesn't, you may need to delete the certificate in the Trusted Root Certification Authorities, and re-add it from the browser.
2) Check that the Common name of your certificate matches the URL you are using
Another thing you can check is that the URL the certificate is issued to matches the URL you are using:
- In the Address bar, click the security warning, and select "View Certificate". You might also notice that the Certificate error you are seeing indicates a Mismatched address:
- In the Issued To section, you can see that the server this certificate is issued to (dbriggs-ess13) does not match the address we were trying to use (badservername). This indicates that we will need to change the URL we are navigating to, to dbriggs-ess13, or we will need to create a new certificate for badservername, and create the binding for it in IIS. Doing so is outside the scope of this guide.
Comments
0 comments
Article is closed for comments.