Setup and Run Admin Tools, Backup My Org, and Clean My Org

ArcGIS Enterprise Only

These steps only apply to ArcGIS Enterprise environments. Users with ArcGIS Online environments do not need to provide connector information or AppID information when using Admin Tools. This is ONLY necessary for installs that DO NOT use Integrated Windows Authentication (IWA).

Below, you can expand the dropdown and review the following in-depth, illustrated guide to Admin Tools Enterprise. This section details the Admin Tools 2.0 Enterprise Installation Instructions:

Step-by-step guide

From the "Content" tab in ArcGIS, select "New Item” → “Application" → “Other Application”. Press “Next” button.

New Item Button in ArcGIS Content Tab

Application Button in New Item Modal

Application Type in New Item Modal

Name the application "Admin Tools”, “Backup My Org”, or “Clean My Org”. Fill in the values for your application. Click “Save” button.

Title Section in New Item Modal

Navigate to the "Settings" Tab of the newly created GEO Jobe application.

Settings Tabs in the Application Item

From the “Settings” tab, scroll down to the "Application" section. This is where you will find the client/app ID needed for setting up your GEO Jobe build.

Client ID Box in Application Section

Add your GEO Jobe application’s portal URL/domain name (HTTP and/or HTTPS) to the “Redirect URLs” input box.

Domain Example

Ensure that '/' is not included at the end of your domain name/URL as this may potentially cause troubleshooting issues when attempting to connect your GEO Jobe application to the ArcGIS “Redirect URL” endpoint.

In some cases, an application URL is required in the “URL” field (shown in the image below). This can be any placeholder URL. Simply add your own, or enter https://geo-jobe.com into the input box.

Placeholder URL Populated in URL Input Box

Be sure to “Save” your settings before attempting to connect the GEO Jobe application to the ArcGIS redirect endpoint.

Conclusion

You should now have the OAuth App ID and Redirect URIs necessary to start the Admin Tools Installation.

Prerequisite: Be sure that your certificate is generated with the MAC option for your SSL certificate.

Below, you can expand the dropdown and review the following options to run Admin Tools, Backup My Org or Clean My Org as HTTPS:

Export the certificate from IIS:
a. Open the IIS Manager
b. Click on the server name in the "Connections" pane (located left-hand side)
c. In the middle pane, double-click on "Server Certificates"
d. Select the certificate you want to export
e. Click "Export" in the "Actions" pane (located on the right-hand side)
f. Follow the wizard to export the certificate as a .pfx file (Note: remember the passphrase you specified to protect the cert)
g. Export the PFX to your GEO Jobe product’s main folder
(Note: if you don’t have an export option you may need to re-import the certificate to IIS with the allow export option)
Open the command prompt and navigate to the Admin Tools 2.0, BackupMyOrg, or CleanMyOrg directory and insert:

index pfx <INSERT PASSPHRASE HERE> 
(for Admin Tools 2.0)

OR 

backupmyorg pfx <INSERT PASSPHRASE HERE>
(for Backup My Org)

OR 

cleanmyorg pfx <INSERT PASSPHRASE HERE>
(for Clean My Org)

(Note: This will save the passphrase as an encrypted string in the MongoDB database.)

In the product’s main application directory, locate the config/nodeconfig.json and make the following modifications in the JSON file:
"useHTTPS": true, "certs": { "certificate": "", "key": "", "pfx": "ADD PFX FILE NAME HERE" },

(Note: If you are using an absolute path in your nodeconfig.json, be sure to use double backslashes, such as "C:\\BackupMyOrg\\Certificates\certificate.pem" or "C:\\CleanMyOrg\\Certificates\certificate.pem". Please also ensure that the name of your PFX file is added to the “pfx” property. An example shown above.)

Restart your Admin Tools 2.0, Backup My Org, or Clean My Org server app or service.
1. Then, load https://localhost:9181 or https://yourwebdomain:9181 (for Admin Tools 2.0), https://localhost:8500 or https://yourwebdomain:8500 (for Backup My Org) or https://localhost:8000 or https://yourwebdomain:8000 (for Clean My Org) into your browser.

Both a certificate and key .pem file are required. (If you need to generate these, you can do so by downloading OpenSSL at: https://slproweb.com/download/Win64OpenSSL_Light-3_2_0.msi
Open the command prompt in Windows.
Run the following commands to generate your private key and public certificate:

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
openssl x509 -text -noout -in certificate.pem

Once you have the cert and key files, copy them to your Admin Tools, Backup My Org, or Clean My Org main folder.
Edit the config/nodeconfig.json file and make the following modifications:

“useHTTPS”: true,
“certificate”: <name of your certificate.pem file>,
“key”: <name of your key.pem file>

Restart your Admin Tools 2.0, Backup My Org, or Clean My Org server app or service.
1. Then, load https://localhost:9181 or https://yourwebdomain:9181 (for Admin Tools 2.0), https://localhost:8500 or https://yourwebdomain:8500 (for Backup My Org) or https://localhost:8000 or https://yourwebdomain:8000 (for Clean My Org) into your browser.

See A "Not Secure" Warning On Your Browser?

If you have created a self signed certificate, those will always appear as not trusted.

You will need to buy a certificate from a trusted source (such as Verisign) to have a signed certificate from an authority.

To convert an IIS certificate to a .key and .pem format for use in Admin Tools 2.0, Backup My Org or Clean My Org, you can follow these steps:

Export the certificate from IIS:
a. Open the IIS Manager
b. Click on the server name in the "Connections" pane (located left-hand side)
c. In the middle pane, double-click on "Server Certificates"
d. Select the certificate you want to export
e. Click "Export" in the "Actions" pane (located on the right-hand side)
f. Follow the wizard to export the certificate as a .pfx file (remember the password you specified to protect the cert)
(Note: if you don’t have an export option you may need to re-import the certificate to IIS with the allow export option)
Convert the .pfx file to a .pem file using OpenSSL:
a. Install OpenSSL on your computer if it is not already installed (Windows version can be found at: Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions
b. Copy the .pfx file to the OpenSSL /bin folder
c. Open a command prompt or terminal window
d. Navigate to the openSSL bin directory
e. Run the following command (changing exported cert name as necessary):

openssl pkcs12 -in exportedCert.pfx -out yourcert.pem -nodes

This command will prompt you for the password you used to protect the .pfx file. Enter the password and press Enter. The command will create a .pem file in the same directory as the .pfx file.

Extract the private key from the .pem file using OpenSSL:
a. Run the following command in the same directory where the .pem file is saved:

openssl rsa -in yourcert.pem -out yourkey.key

This command will extract the private key from the .pem file and save it as a separate .key file in the same directory.

Copy the .pem and .key to the application directory and configure config/nodeconfig.json
a. Copy the new .pem and .key file to your application root directory
b. Open <application directory>\config\nodeconfig.json
c. Modify the settings as follows (changing names as necessary):

"useHTTPS": true,
  "certs": {
    "certificate": "yourcert.pem",
    "key": "yourkey.key"
  },

Restart the Admin Tools, Backup My Org, Clean My Org server and open the browser using HTTPS location.