Configure certificates for ArcGIS Velocity

ArcGIS Velocity requires secure HTTPS communication between its constituent components, such as the portal and ArcGIS Server. When initially installed, Velocity itself includes a self-signed certificate. A self-signed certificate means that a client cannot verify the identity of the server. It is recommended that the certificate you use is signed by a corporate (internal) or commercial certificate authority (CA). Replacing the self-signed certificate with a CA-signed certificate improves the security of your deployment.

Import an existing CA-signed certificate

Note:

To import the certificate into your portal, the certificate and its associated private key must be stored in the PKCS#12 format, which is represented by a file with either the .p12 or .pfx extension.

To import a CA-signed certificate to the Velocity Administrator directory, complete the following steps:

1. Sign in to the Velocity Administrator directory using the Velocity primary site administrator credentials.

   The URL is in the format https://<your_velocity_FQDN>:7143/arcgis/admin.

2. Accept the security warnings presented by your browser.

3. Click machines > [machine name].

4. Click sslcertificates, then click importExistingServerCertificate, and provide the information for the following options:

   1. Certificate Password: Type the password to unlock the file containing the certificate.

   2. Alias: Type a unique name that easily identifies the certificate. For example, server-cert.

   3. Certificate File: Browse to the location and select the existing CA-signed certificate.

   4. Import certificate chain: Check this check box if you want to import root or intermediate certificates included in the .pfx or .p12 file. The alias for these certificates matches the alias provided above and are appended with either _root or _intermediate depending on the type of certificate.

5. Click Import.

Import an existing root CA certificate

After importing an existing CA-signed or domain certificate, the root and intermediate certificates need to be imported. These would be listed under Security > SSLCertificates.

If they were not imported or if an additional root or intermediate certificate is needed, complete the following steps:

1. Sign in to the Velocity Administrator directory using the Velocity primary site administrator credentials.

   The URL is in the format https://<your_velocity_FQDN>:7143/arcgis/admin.

2. From Velocity Administrator directory, click machines > [machine name].

3. Click sslcertificates > ImportRootOrIntermediate.

4. On the Import Root or Intermediate page, provide the following information:

   1. Alias: Type a unique name for the alias. For example, caroot.

   2. Browse to the location and select the root certificate provided by CA.

5. Click Import.

   Note:

   This step automatically restarts your Velocity site.

Import the portal certificate into Velocity

To import the portal certificate into Velocity, complete the following steps:

1. Sign in to Portal Administrator directory at https://webadaptorhost.domain.com/webadaptorname/portaladmin.

2. Download the certificate using your browser tools.

   The exported certificate is imported into Velocity as a root or intermediate certificate.

3. Access the Velocity Administrator directory at https://<your_velocity_FQDN>:7143/arcgis/admin.

4. Click machines > [machine name].

5. Click sslcertificates > ImportRootOrIntermediate.

6. On the Import Root or Intermediate page, provide the following information:

   1. Alias: Type a unique name for the alias. For example, caroot.

   2. Browse to the certificate location and select the certificate file.

7. Click Import.

   Note:

   This step automatically restarts your Velocity site.

Import the ArcGIS Server certificate into Velocity

To import the ArcGIS Server certificate into Velocity, complete the following steps:

1. Sign in to ArcGIS Server Administrator directory at http://webadaptorhost.domain.com/webadaptorname/admin.

2. Download the certificate using your browser tools.

   The exported certificate is imported into Velocity as a root or intermediate certificate.

3. Access the Velocity Administrator directory at https://<your_velocity_FQDN>:7143/arcgis/admin.

4. Click machines > [machine name].

5. Click sslcertificates > ImportRootOrIntermediate.

6. On the Import Root or Intermediate page, provide the following information:

   1. Alias: Type a unique name for the alias. For example, caroot.

   2. Browse to the certificate location and select the certificate file.

7. Click Import.

   Note:

   This step automatically restarts your Velocity site.

Configure Velocity to use the CA-signed certificate

To configure Velocity to use the CA-signed certificate, complete the following steps:

1. From the Velocity Administrator directory, click machines > [machine name].

2. Click edit.

3. In the Web server SSL Certificate field, type the alias of the CA-signed certificate.

4. Click Save Edits to apply your change.

   Note:

   This step automatically restarts your Velocity site.

Verify you can access your Velocity site using HTTPS

Test the following URL to verify that you can access Velocity using HTTPS: https://<your_velocity_FQDN>:7143.

Import Velocity’s certificate to the portal

You can import a certificate into portal as a root or intermediate certificate. To import the Velocity SSL certificate to a portal, complete the following steps:

1. Access your Velocity site at https://<your_velocity_FQDN>:7143.

2. Download the certificate using browser tools.

3. Sign into the Portal Administrator directory at https://webadaptorhost.domain.com/webadaptorname/portaladmin.

4. Click Security > SSL Certificates.

5. Choose Import Root or Intermediate.

6. For File, browse the certificate you downloaded.

7. Provide an Alias.

8. Uncheck Do not restart the portal after import.

9. Click Import.

Import Velocity’s certificate to ArcGIS Server

To import a Velocity’s certificate in ArcGIS Server, complete the following steps:

1. Open the browser and sign into the ArcGIS Server Administrator directory at http://webadaptorhost.domain.com/webadaptorname/admin.

2. Click machines > machine name.

3. Click SSL Certificates, then choose Import Root or Intermediate.

4. For File, browse to the certificate location.

5. Provide an Alias.

6. Click Import to import Velocity's certificate.

7. Restart ArcGIS Server.

Continue to configure Velocity with an Enterprise portal.