Using HTTPS

To use https, the secure protocol is used for client to reverse proxy server communications, but normal http is used for reverse proxy server to Dekho server communications. The Dekho Server must be provided with the reverse proxy server URLs for each of the Dekho Web Services.

Step 01> Enter a secure port number into the appport field.

Step 02> Enter the reverse proxy server name into the apphost field

Step 03> In the cache.url and geometry.service fields, Enter a secure URLs on the reverse proxy server

When the Configuration MXD is running via a secure reverse proxy, connections to ArcGIS Server map services (dynamic, tiled and image) must be made via the proxy server over SSL.

Step 04> Make a connection in ArcCatalog to the proxy server via https (once you have completed Configuring Microsoft ISA for Reverse Proxy or Configuring Apache HTTPD for Reverse Proxy.

Step 05> Add data in your Configuration MXD from that GIS Server. To make the connection in ArcCatalog, ArcCatalog requires a correct SSL certificate to be issued by the proxy server.

ArcGIS Server map services need to be configured to use a virtual output directory that uses the secure protocol and proxy server hostname.

For example; using ArcCatalog:

To enable the https:// protocol in the Apache web server, the optional module mod_ssl is loaded and configured, along with mod_proxy. Also, the SSLProxyEngine directive must be set to On.

 

In httpd.conf, include the following lines:

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_http_module modules/mod_proxy_http.so

 

LoadModule ssl_module modules/mod_ssl.so

Include conf/extra/httpd-ssl.conf

 

SSLProxyEngine on

 

ProxyRequests off

ProxyPreserveHost On

 

<Proxy *>

  Order deny,allow

  Allow from all

</Proxy>

 

ProxyPass    /Dekho/        http://Dekhoserver:8080/Dekho/

ProxyPass    /DekhoCache/   http://Dekhoserver:8080/DekhoCache/

ProxyPass    /ArcGIS/services       http://arcgisserver/ArcGIS/services

ProxyPass    /ArcGIS/rest/services  http://arcgisserver/ArcGIS/rest/services

ProxyPass    /arcgisoutput          http://arcgisserver/arcgisoutput

In line with Adobe recommendations, the communication from browser to proxy is https, but the communication from proxy to service is http.

 

 

 

INFORMATION: The mod_rewrite configuration shown in the section “Missing Slash” does not work when using https://.

 

 

 

See the Apache documentation for further instructions about configuring  mod_ssl. To fully configure the secure protocol requires a server certificate to be generated and digitally signed by a Certificate Authority (CA) such as Verisign, Inc. Certificates for testing purposes can be generated locally.

 

 

 

INFORMATION: To enable Microsoft ISA for https, add a HTTPS listener at step 0 of configuring ISA above.

 

 

 


Add a Certificate into the Java Certificate Store