SSL Certificates (HA) | ArcGIS REST APIs

URL:: https://<root>/machines/<machine>/sslCertificates
Methods:: GET
Operations:: Generate Certificate, Import Existing Server Certificate, Import Root or Intermediate Certificate, Update Web Server Certificate
Child Resources:: SSL Certificate
Version Introduced:: 10.8

Access requirements

Required privileges

The Portal Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.

Security and Infrastructure

Tokens

This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Portal Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.

Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generateToken operation in the Portal Directory API. For security reasons, all POST requests made to the Portal Administrator API must include a token in the request body.

Learn how to generate a token

Description

The sslCertificates resource lists all the certificates (self-signed and CA-signed) created for a portal machine as well as the certificates currently configured with ArcGIS Enterprise portal. This resource also provides access to operations that can be used to manage SSL certificates in a highly available (multiple machine) environment.

Before you enable SSL on your portal, you need to generate certificates and get them signed by a trusted certificate authority (CA). For your convenience, the portal is capable of generating self-signed certificates that can be used during development or staging. However, it is critical that you obtain CA-signed certificates when standing up a production server.

To get a certificate signed by a CA, you need to generate a CSR (certificate signing request) and then submit it to your CA. The CA will sign your certificate request, which can then be imported into the server by using the Import Signed Certificate operation. The portal securely stores self-signed, CA-signed, and configured certificates inside a key store.

Request parameters

Parameter	Details
`f`	The response format. The default response value is `html`. Values: `html` \| `json` \| `pjson`

Example usage

The following is a sample request URL used to access the sslCertificates resource:

Use dark colors for code blocksCopy
https://organization.example.com/<context>/portaladmin/machines/MACHINE.EXAMPLE.COM/sslCertificates?f=pjson

JSON Response syntax

Use dark colors for code blocksCopy
{
  "sslCertificates": [
    "<certificate1>",
    "<certificate2>",
    ...
  ],
  "webServerCertificateAlias": "<certificate>"
}

JSON Response example

Use dark colors for code blocksCopy
{
  "sslCertificates": [
    "portal",
    "myproductioncertificate"
  ],
  "webServerCertificateAlias": "portal"
}