Skip To Content ArcGIS for Developers Sign In Dashboard

Update Web Server Certificate

  • URL:https://<portaladmin>/security/sslCertificates/update(POST only)
  • Required Capability:Administrator
  • Version Introduced:10.3

Description

Use this operation to configure the web server certificate, TLS protocols, and cipher suites used by the portal.

Parameters

ParameterDetails
webServerCertificateAlias

The name of the certificate. This is a required parameter. The certificate must be present in the portal.

sslProtocols

The TLS protocols the portal will use. TLSv1.2 is enabled by default. You can also enable TLSv1 and TLSv1.1. Values must be separated by commas.

Note:

Ensure that the web server hosting your Web Adaptor can fully communicate over the protocols you're enabling. If you're using a Java Web Adaptor, the web server hosting the Web Adaptor must be using Java 8 or later.

cipherSuites

The cipher suites the portal will use. Refer to the list of valid and default cipher suites in the next section. Values must be separated by commas.

HSTSEnabled

A Boolean that indicates whether HTTP Strict Transport Security (HSTS) is being used by the portal. See Enforce strict HTTPS communication for more information.

Accepted values: true | false

Default value: false

f

The response format. The default response format is html.

Values: html | json

Valid cipher suites

The following cipher suites are enabled by default in the portal:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA

The following cipher suites are not enabled by default, but are valid and can be added using this operation:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA

Example

https://portal/arcgis/portaladmin/security/sslcertificates/update
	webServerCertificateAlias=myselfsignedcertificate