A GIS administrator is responsible for maintaining the stability of a large internal ArcGIS Enterprise deployment. After the Domain CA certificate is replaced with a new one and the new PKCS#12 format PFX file is imported into all Portal for ArcGIS, ArcGIS Server, and ArcGIS Data Store deployments, the following issues are identified:
When connecting directly to the Portal for ArcGIS administration endpoint via port 7443, the new certificate is not recognized and is considered invalid
When connecting directly to the ArcGIS Server administration endpoint via port 6443, the new certificate is not recognized and is considered invalid
When connecting to the ArcGIS Data Store endpoint via port 2443, the new certificate is recognized and considered valid
What is causing this issue?
When replacing SSL certificates in ArcGIS Enterprise components, ArcGIS Server and Portal for ArcGIS require the root and intermediate (issuing) certificates to be explicitly imported into their trust stores. Unlike the ArcGIS Data Store, which can often rely on the system-level trust store, ArcGIS Server and Portal maintain their own certificate trust management.
From the official ArcGIS Enterprise documentation:
"When using certificates issued by an internal or external CA, it is essential to also import the corresponding root and intermediate certificates into the Portal for ArcGIS and ArcGIS Server trust stores to ensure the certificate chain is validated properly."
Option B is incorrect. Domain CA certificates are supported and recommended over self-signed certificates for internal deployments.
Option C refers to an acceptable format but does not address the issue, which is about importing the chain of trust.
Option D is incorrect; PKCS#12 (.pfx) certificates are supported but must be paired with the correct chain files.
ArcGIS Enterprise -- Managing CA certificates in Portal and ArcGIS Server environments
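The chain check described in the explanation can be observed from the client side. The following Python is an added example, not part of the original page or of Esri's tooling: it parses the "Certificate chain" section printed by `openssl s_client -connect <host>:<port> -showcerts` (captured, for instance, from ports 7443, 6443 and 2443) and reports the first issuer a client cannot resolve. The hostnames, CA names and sample outputs are constructed, and matching is by name only, with no signature verification.

```python
import re

# Constructed samples of the "Certificate chain" section of s_client output.
# Hostnames and CA names are placeholders, not values from the page.
SERVED_LEAF_ONLY = """\
Certificate chain
 0 s:CN = gis.example.internal
   i:CN = Example Issuing CA
---
"""
SERVED_FULL_CHAIN = """\
Certificate chain
 0 s:CN = gis.example.internal
   i:CN = Example Issuing CA
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
 2 s:CN = Example Root CA
   i:CN = Example Root CA
---
"""
# One chain entry: "<index> s:<subject>" followed by "i:<issuer>".
CHAIN_ENTRY = re.compile(r"^[ \t]*(\d+) s:(.+)\n[ \t]+i:(.+)$", re.MULTILINE)

def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    return [(s.strip(), i.strip()) for _, s, i in CHAIN_ENTRY.findall(s_client_output)]

def unresolved_issuer(served, trusted_subjects):
    """Follow issuer links from the leaf. Return None when the chain reaches a
    name in the client's trust store, else the issuer that breaks the chain."""
    if not served:
        raise ValueError("no certificate chain found in input")
    by_subject = dict(served)
    subject, issuer = served[0]          # entry 0 is the server (leaf) certificate
    seen = set()
    while True:
        if issuer in trusted_subjects:
            return None                  # chain anchors in the trust store
        if issuer == subject or issuer not in by_subject or issuer in seen:
            return issuer                # untrusted root, or link not supplied
        seen.add(issuer)
        subject, issuer = issuer, by_subject[issuer]

if __name__ == "__main__":
    client_trust = {"CN = Example Root CA"}   # client trusts only the root
    for label, text in (("leaf only", SERVED_LEAF_ONLY), ("full chain", SERVED_FULL_CHAIN)):
        gap = unresolved_issuer(parse_chain(text), client_trust)
        print(label, "->", "valid chain" if gap is None else "cannot resolve " + gap)
```

A result of "cannot resolve" naming the issuing CA means the endpoint is presenting the server certificate without its intermediate, so a client that trusts only the root cannot build the chain.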