Crawling the data security dungeon: SSL certificates in ArcGIS Enterprise

Imagine this: you’re a brave adventurer, embarking on a grand quest to deploy ArcGIS Enterprise. You’ve gathered your party—IT wizards, data clerics and security rogues—and are prepared to face the challenges that lie ahead. But lurking in the dark, behind your firewalls and secure login screens, is a fearsome creature: the Security Breach. It can expose your precious spatial data to the world, compromising the integrity of your GIS kingdom! But fear not, for your trusty artifact, the SSL certificate, is here to help you defend your realm.

An SSL (Secure Sockets Layer) certificate is akin to a powerful magical shield, protecting your ArcGIS Enterprise implementation from the forces of evil—a.k.a. hackers, data thieves and malicious actors who lurk in the dark corners of the Internet. With an SSL certificate, you ensure that the communication between your ArcGIS servers and your users is encrypted and secure. Without this enchanted shield, your precious data could be intercepted by rogue creatures lurking like trolls under bridges, ready to steal your secrets.

In the grand world of ArcGIS Enterprise, your users are brave knights traveling through the Realm of Data, seeking information from your servers. Without an SSL certificate, they’re walking unarmoured into battle, vulnerable to attack. But once the SSL certificate is in place, their connection to your ArcGIS server is secure. It ensures that even the most devious of dragons (cybercriminals) cannot feast on your data while it’s in transit. Now, you’re armoured, ready to face whatever comes your way.

But the true strength of your SSL certificate lies in its components—the enchanted sigils of root, domain and server certificates. Let’s delve deeper into their roles:

  • Root certificates: A root certificate, typically issued by a trusted Certificate Authority (CA), is the anchor of your SSL chain. It’s a certificate that you trust and rely on to verify the authenticity of all subordinate certificates beneath it. Think of it as the high king who grants legitimacy to all knights (other certificates) in the kingdom.
  • Domain certificates: These certificates are the heralds of your specific domain. They verify the identity of the server you’re connecting to and establish trust between the user and your ArcGIS Enterprise environment. A domain certificate ensures that your users aren’t connecting to a dangerous, fake server but are instead communicating with your authentic, secure system.
  • Server certificates: These are the defenders of your ArcGIS servers, ensuring that any communication between your users and the server is encrypted. Server certificates protect the integrity and confidentiality of the data exchange, meaning that sensitive GIS data, like geographic boundaries, personal data and other maps, won’t be stolen or altered during transmission. These certificates are applied at the component level of ArcGIS Enterprise, ensuring seamless encryption from one end of the trust chain to the other, and using the same keys.

The trust chain: a magical web of protection

But wait—how can you be sure that these certificates are legitimate? This is where the certificate trust chain comes into play. Imagine the trust chain as a mystical web woven by the very forces of magic itself—an unbreakable link that ensures every certificate is verified by a higher power.

  • The root certificate is the first link in the chain. This powerful artifact is issued by a trusted CA, like a council of wizards who bestow their power and authority upon lesser certificates. The root certificate is like the ancient god whose blessing strengthens all who fall under its domain.
  • Intermediate certificates are the magical emissaries who take the root’s power and extend it further down the chain, verifying the identity of your server and domain. These intermediary guardians carry the power of the root certificate to the lesser certificates that form the foundation of your secure communication.
  • The server certificate, issued by one of the intermediate certificates, is the final link. It is the guardian of your server’s identity, the last bastion in this enchanted web that proves the authenticity and trustworthiness of your server.

Once the chain is completed and each certificate is validated, your users are granted safe passage into the domain of your ArcGIS Enterprise implementation. Just as a hero must face trials to prove their worth, so must each certificate in the chain be verified, ensuring that no imposters lurk in the shadows. If even one link in this chain is broken or untrusted, your connection could be compromised—leaving your realm vulnerable to dark forces.
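
The chain validation described above can be reproduced offline with OpenSSL. This is an added example, not from the original post or Esri's documentation: it builds a throwaway root, intermediate and server certificate, then checks the server certificate with the chain complete, with the intermediate missing, and against a trust store that holds only an unrelated root. All subject names, file names and the host gis.example.com are constructed placeholders.

```shell
# Added example: throwaway root -> intermediate -> server chain, then verification
# with the chain complete and broken. Every name here is a constructed placeholder.
CNF='[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:gis.example.com'

new_root() {   # $1 dir, $2 file stem, $3 subject: self-signed trust anchor
  openssl req -x509 -config "$1/x.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -days 30 -subj "$3" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
issue() {      # $1 dir, $2 file stem, $3 subject, $4 issuer stem, $5 extension section
  openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" -CAcreateserial \
    -days 30 -extfile "$1/x.cnf" -extensions "$5" -out "$1/$2.pem" 2>/dev/null
}
make_chain() { # $1 = empty working directory
  printf '%s\n' "$CNF" > "$1/x.cnf" &&
  new_root "$1" root  "/CN=Example Root CA" &&
  new_root "$1" other "/CN=Unrelated Root CA" &&
  issue "$1" int "/CN=Example Intermediate CA" root ca_ext &&
  issue "$1" srv "/CN=gis.example.com" int leaf_ext
}
chain_status() { # $1 trusted root, $2 intermediates ("" if none sent), $3 server cert
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1
  fi && echo trusted || echo rejected
}
demo() {
  dir=$(mktemp -d) && make_chain "$dir" || return 1
  echo "complete chain:        $(chain_status "$dir/root.pem" "$dir/int.pem" "$dir/srv.pem")"
  echo "intermediate missing:  $(chain_status "$dir/root.pem" "" "$dir/srv.pem")"
  echo "root not in store:     $(chain_status "$dir/other.pem" "$dir/int.pem" "$dir/srv.pem")"
  rm -rf "$dir"
}
demo
```

The "intermediate missing" result is what a client sees when a server presents only its own certificate without the intermediate that links it to the root.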

Why the trust chain is critical

In your adventure to secure your ArcGIS Enterprise system, understanding and maintaining this trust chain is crucial. If an intermediary certificate goes rogue or the root certificate is compromised, all certificates relying on that chain could be invalidated. Without a solid trust chain, your SSL certificates lose their strength, leaving the gates of your kingdom open for invaders.

Now, SSL certificates are not just a nice-to-have—they are essential for the safe operation of your ArcGIS Enterprise environment. The HTTPS protocol (with SSL/TLS) is the backbone of secure communication across the Web, ensuring that all sensitive information stays shielded from prying eyes. This is especially critical in the world of GIS, where data accuracy and security are paramount. By using the appropriate certificates, you’re not just keeping your data safe, but also enhancing the trustworthiness of your ArcGIS environment.

So, adventurer, don your armour of SSL certificates and ensure your ArcGIS Enterprise realm flourishes in the most secure and trusted way possible. With root, domain and server certificates standing as your mighty guardians, you’ll ensure your data remains protected from the darkest of intruders. The dungeon of vulnerability will tremble before your fortitude, and your kingdom will remain safe for all to enjoy!

Embarking on the quest to secure your ArcGIS Enterprise environment with SSL certificates is indeed a noble endeavor. To aid you on this journey, here are some key training options and resources from Esri's documentation:

  • Instructor-led training
  • Blog post
  • Guidelines for configuring SSL certificates
  • Instructions for managing SSL certificates in a highly available environment
  • Additional considerations

By consulting these resources, you'll be well-equipped to fortify your ArcGIS Enterprise realm with robust SSL certificates, ensuring secure and trustworthy data exchanges.

Want to stay informed about all the latest training opportunities at Esri Canada? Visit Esri Canada’s Communication Preference Centre and select the “Training” checkbox to get a monthly roundup straight to your inbox.

About the Author

André Piasta is a Senior Instructor on the National Training Team at Esri Canada. He teaches the full range of courses that Esri Canada offers, focusing on ArcGIS Enterprise and ArcGIS Developers. His love of mapping, geography and computer programming began in childhood, and his primary goal is to pass on that love to anyone that takes a course. André refers to himself as an “accidental geographer”, having discovered the geospatial discipline while pursuing a degree in Computer Science at the University of Regina. Outside of work, André spends time working with a variety of cultural and volunteer organizations.
