If you are running in a non-secure staging environment, and you are ready to move to production, you must perform the following steps to enable security.
Change Identity Server configuration protocol to HTTPS. (See Configuring Secure Communication on Identity Server.)
Replace the test certificates with your own. (See Using Access Manager Certificates or Using Externally Signed Certificates.)
Update all devices that are trusting this Identity Server configuration.
This causes ESP to reimport the metadata of Identity Server.
(Conditional) If you have set up federation, reimport metadata for trusted service and identity providers. (See Managing Metadata.)
Change Access Gateway configuration to HTTPS. (See Configuring Access Gateway for SSL.)