Enhance SSL config options to allow support for Root, Intermediate, and Full Cert Chain

[J-J-E]

Currently, this is a limitation of the current cookbooks. At this time the cookbooks can only import the root cert and signed cert (pfx). These leads to missing functionality within portal for processes that rely on internal communication between the portal and server machines (only tested with enterprise primary single machine base deployment).

Without importing the intermediate certificate and the full certificate chain, the option to save credentials when adding a secure service from the federated server is missing in the web UI, and when attempting to do it programmatically through the web API, users will encounter this error:

Invalid SSL certificate found. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Manually importing the root, intermediate, and signed cert (with using the checkbox to import certificate chain) resolves these error logs and the UI functionality returns.

Here is the link to the discussion between @cameronkroeker and myself.

I have also requested this to be filed as an enhancement request with my Esri Support Rep under Esri Case ENH-000168761

[cameronkroeker]

This was added in the latest release of the cookbooks v5.2.0:

https://github.com/Esri/arcgis-cookbook/releases/tag/v5.2.0

• node['arcgis']['server']['import_certificate_chain'] = Introduced in 11.3. Specifies if the root or intermediate certificates included inside the existing certificate file should also be imported into ArcGIS Server. By default, the parameter is set to true.
• node['arcgis']['portal']['import_certificate_chain'] = Introduced in 11.3. Specifies if the root or intermediate certificates included inside the existing certificate file should also be imported into Portal for ArcGIS. By default, the parameter is set to true.

Thanks,
Cameron K.