Trusted Root Certificate Authorities

VertiGIS Studio Access Control is a Node.js application. By default, Node.js uses Mozilla's list of publicly-trusted certificate authorities (CAs). It does not use the trusted CAs of the local Windows machine. If Access Control makes HTTPS requests to servers whose root CAs are not trusted by Node.js, those requests will fail. Node.js supports a NODE_EXTRA_CA_CERTS environment variable that allows you to add additional trusted root CA certificates. Adding CA certificates may be appropriate in scenarios where you have an internal certificate authority.

 

Only add root CA certificates that you actually trust. If you add certificates from an unknown or untrusted sources it will compromise the security of your Access Control deployment and the ArcGIS Servers associated with it.

 

To add a trusted root certificate authority to VertiGIS Studio Access Control:

1. Export the root CA certificate of the desired web server in PEM format.

   You can typically do this in a web browser by navigating to the desired web server, clicking the lock icon in the address bar and selecting the certificate details. Be sure to export the root certificate.

2. Save the exported certificate file on the machine running Access Control.

3. On the machine running Access Control, open a command prompt as an administrator.

4. Change the directory to C:\Program Files\VertiGIS\VertiGIS Studio Access Control\dist\bin

5. Run the command nssm edit geocortexaccesscontrol

   A service editor application opens.

6. Locate the Environment tab (you may need to scroll to the right) and select it.

7. Add NODE_EXTRA_CA_CERTS=</path/to/your/cert.pem> to the list of environment variables.

   Be sure to use the file path of your own certificate .pem file.

8. To save your changes, click the Edit service button.

9. Open the Windows services.msc dialog and restart the VertiGIS Studio Access Control service.

The .pem file referenced by NODE_EXTRA_CA_CERTS may contain multiple certificates.