Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Esri EAEP2201 Exam - Topic 4 Question 11 Discussion

Actual exam question for Esri's EAEP2201 exam
Question #: 11
Topic #: 4
[All EAEP2201 Questions]

A GIS administrator is responsible for maintaining the stability of a large internal ArcGIS Enterprise deployment. After the Domain CA certificate is replaced with a new one and the new PKCS#12 format PFX file is imported into all Portal for ArcGIS, ArcGIS Server, and ArcGIS Data Store deployments, the following issues are identified:

When connecting directly to the Portal for ArcGIS administration endpoint via port 7443, the new certificate is not recognized and is considered invalid

When connecting directly to the ArcGIS Server administration endpoint via port 6443, the new certificate is not recognized and is considered invalid

When connecting to the ArcGIS Data Store endpoint via port 2443, the new certificate is recognized and considered valid

What is causing this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A

When replacing SSL certificates in ArcGIS Enterprise components, ArcGIS Server and Portal for ArcGIS require the root and intermediate (issuing) certificates to be explicitly imported into their trust stores. Unlike the ArcGIS Data Store, which can often rely on the system-level trust store, ArcGIS Server and Portal maintain their own certificate trust management.

From the official ArcGIS Enterprise documentation:

''When using certificates issued by an internal or external CA, it is essential to also import the corresponding root and intermediate certificates into the Portal for ArcGIS and ArcGIS Server trust stores to ensure the certificate chain is validated properly.''

Option B is incorrect. Domain CA certificates are supported and recommended over self-signed certificates for internal deployments.

Option C refers to an acceptable format but does not address the issue, which is about importing the chain of trust.

Option D is incorrect; PKCS#12 (.pfx) certificates are supported but must be paired with the correct chain files.


ArcGIS Enterprise -- Managing CA certificates in Portal and ArcGIS Server environments

=====================

by Leontine at Mar 06, 2026, 07:53 AM

Limited Time Offer

25%

Off

Get Premium EAEP2201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Francisca
2 days ago
Definitely A. I've seen this issue before with cert imports.
upvoted 0 times
...
Eun
7 days ago
Wait, I thought PKCS#12 was supported? D doesn't make sense to me.
upvoted 0 times
...
Kanisha
12 days ago
I disagree, B seems more likely. Self-signed certs are easier to manage.
upvoted 0 times
...
Brice
17 days ago
Sounds like A is the right answer. They need those root and issuing authority certs!
upvoted 0 times
...
Rosann
22 days ago
I thought Domain CA certificates were fine, but maybe they need to be replaced with self-signed ones? I’m a bit confused on that point.
upvoted 0 times
...
Meghann
28 days ago
I feel like we discussed the importance of using the correct certificate format, like DER encoded X.509. That could be a factor in this situation.
upvoted 0 times
...
Teddy
1 month ago
I'm not entirely sure, but I think I saw a practice question that mentioned compatibility issues with PKCS#12 certificates. Could that be relevant?
upvoted 0 times
...
Shakira
1 month ago
I remember something about needing to import root and issuing authority certificates for ArcGIS Server and Portal. That might be the issue here.
upvoted 0 times
...

Save Cancel