By default, Management and Security Server allows browsers to use the HTTP protocol to communicate between the client computer and the Management and Security Server. Although HTTP is universally available, information exchanged using HTTP is sent in clear text and is vulnerable to unauthorized access.
To secure your passwords and other sensitive data, we recommend that you require browsers to connect to Management and Security Server using the HTTPS protocol, which provides TLS/SSL encryption. To require HTTPS:
Make sure TLS/SSL is enabled on your web server.
If you installed Management and Security Server with the automated installer, TLS/SSL is enabled with a self-signed server certificate.
NOTE:When users first request a session, they may see a warning that the certificate is not trusted by their browser. Generally, users can choose to permanently accept the certificate.
If your web server uses a certificate signed by a popular Certificate Authority, most browsers are able to establish a TLS/SSL connection without going through the security warning.
Use the HTTPS Certificate Utility to manage the Administrative Server certificate. The HTTPS Certificate Utility installs with Management and Security Server, and is available from the menu.