SSL Certificate | ArcGIS REST APIs

URL:: https://<root>/machines/<machine>/sslcertificates/<certificate>
Methods:: GET
Operations:: Export, Delete, Generate CSR, Import Signed Certificate
Version Introduced:: 10.1

Access requirements

Required privileges

The Sever Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.

Register data stores Feature layer Update Delete Security and infrastructure Servers Organization webhooks Geoprocessing Publisher role

Note that administrators assigned a custom role must also have the administrative View all content privilege assigned to them to access the API directory as an administrator. Additonally, any custom roles that include a webhook-related privilege must also include the general Publish server-based layers content privilege.

Tokens

This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Server Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.

Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generateToken operation in the Portal Directory API. For security reasons, all POST requests made to the Server Administrator API must include a token in the request body.

Learn how to generate a token

Description

The resource for an individual certificate returns information for a specific certificate. It also provides access to the Export, Delete, Import Signed Certificate, and Generate CSR operations.

A certificate represents a key pair that has been digitally signed and acknowledged by a certificate authority (CA). It is a fundamental component in enabling SSL on a server. This resource returns information about an individual certificate. New self-signed certificates created by the generate certificate operation are added to the keystore. For browsers and other HTTP client applications to trust the SSL connection on the server, these certificates must be digitally signed by a CA and imported into the keystore. Even though a self-signed certificate can be used to enable SSL, it is recommended that you use a self-signed certificate on staging and development servers.

Request parameters

Parameter	Details
`f`	The response format. The default response format is `html`. Values: `html` \| `json` \| `pjson`

Example usage

The following is a sample request URL for a an individual certificate resource:

Use dark colors for code blocksCopy
https://organization.example.com/<context>/admin/machines/MACHINE.EXAMPLE.COM/sslcertificates/selfSignedCertificate?f=pjson

JSON Response syntax

Use dark colors for code blocksCopy
{
  "aliasName": "<alias>",
  "entryType": "PrivateKeyEntry",
  "issuer": "<certificate issuer information>",
  "subject": "<certificate subject information>",
  "subjectAlternativeName": [<alternate name information>],
  "validFrom": "<starting date and time information for certificate validity>",
  "validUntil": "<ending date and time information for certificate validity>",
  "validFromEpoch": "<Epoch format of the starting date above>", //Introduced at ArcGIS Enterprise 11.1
  "validUntilEpoch": "<Epoch format of the ending date above>",  //Introduced at ArcGIS Enterprise 11.1
  "keyAlgorithm": "<key algorithm>",
  "keySize": "<key size>",
  "serialNumber": "<serial number>",
  "version": "3",
  "signatureAlgorithm": "<signature algorithm>",
  "keyUsage": [<key usage>],
  "md5Fingerprint": "<MD5 fingerprint>",
  "sha1Fingerprint": "<SHA1 fingerprint>",
  "sha256Fingerprint": "<SHA256 fingerprint>"
}

JSON Response example

The following is a sample JSON Response for a self-signed certificate:

Use dark colors for code blocksCopy
{
  "aliasName": "selfsignedcertificate",
  "entryType": "PrivateKeyEntry",
  "issuer": "CN=SERVER.COMPANY.COM, O=SelfSignedCertificate",
  "subject": "CN=SERVER.COMPANY.COM, O=SelfSignedCertificate",
  "subjectAlternativeNames": ["DNSName: MACHINE.EXAMPLE.COM"],
  "validFrom": "Fri Dec 16 06:07:04 PST 2022",
  "validUntil": "Sun Oct 24 07:07:04 PDT 2055",
  "validFromEpoch": 1671199624000,
  "validUntilEpoch": 2707999624000,
  "keyAlgorithm": "RSA",
  "keySize": 2048,
  "serialNumber": "64ed6d0f",
  "version": 3,
  "signatureAlgorithm": "SHA256withRSA",
  "keyUsage": [],
  "md5Fingerprint": "a1dbaf706d2befc43beaf9bfb9f639df",
  "sha1Fingerprint": "980fbeaa248f624144ee87e192da473f6c8ea78f",
  "sha256Fingerprint": "fef71dd8827b30b2b88032cc6f035a2a6aa810f2ce324cbecbb3fdeced0279d1"
}