How to configure Certero to use HTTPS


The Certero Provisioning Services (CPS) allows for Certero Management Platform (CMP) tenant web services to be configured for HTTP, HTTPS, or both. An SSL certificate is used for HTTPS.

If you wish to bind HTTPS, you first need to import your designated SSL certificate following this article:

Before changing the binding of a tenant, please consider the following points:

  • You cannot simply change from HTTP to only HTTPS, as the Certero clients will then not be able to communicate. You first need to ensure you enable both (the HTTP + HTTPS option, below) for an interim period to allow the clients to communicate using the old method. This will allow clients to download an updated Endpoint Server config.ini file containing the HTTPS configuration.

  • If you make a change to CPS and your CMP tenant, you will need to ensure you make the same change to any Endpoint Servers that are not the one hosted on the main CMP application server. This is also covered in this article.

  • You must ensure references to Endpoint Server(s) are to their fully qualified domain name (FQDN).

  • Prepare a valid SSL certificate that matches the FQDN.

Endpoint Server FQDN

Follow these steps to check you are using an FQDN:

For the default Endpoint Server installed by Certero Provisioning:

There will be a default Endpoint Server on the same server where the Certero application server (CMP) resides. Check this by:

  • Log into Certero Provisioning and select the Tenants option.

  • Against the instance of CMP, select the drop-down menu against its name and select the Configure option.

  • Select the Website tab and ensure the Hostname field is using the FQDN.

  • Click Save if changes have been made, and Certero Provisioning will make the changes for the default Endpoint Server.

Additional Endpoint Servers:

  • Log into the Certero application (CMP) and navigate to Administration > Endpoint Servers.

  • For each Endpoint Server, open its properties and ensure the Details tab is showing (the default).

  • Ensure the Hostname is the FQDN for the Endpoint Server, and not just the hostname.

  • Click the Save button if changes have been made.
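The FQDN and certificate requirements above can be checked before any binding is changed. The following is an added example, not Certero code: it takes each Endpoint Server hostname and a certificate in the dict form returned by Python's ssl.SSLSocket.getpeercert(), and reports short hostnames, names the certificate does not cover, and certificates close to expiry. The hostnames, the sample certificate and the 30-day threshold are assumptions made for the example.

```python
import socket
import ssl
from datetime import datetime, timezone

def san_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """Exact match, or '*' as the whole left-most label covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == h[0] or (p[0] == "*" and len(p) > 2))

def check_hostname(host, cert, now=None, min_days=30):
    """Return a list of problems; an empty list means the certificate fits."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if "." not in host.strip("."):
        problems.append("not an FQDN")
    if not any(name_matches(n, host) for n in san_dns_names(cert)):
        problems.append("no matching SAN")
    expiry = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (datetime.fromtimestamp(expiry, timezone.utc) - now).days
    if days_left < 0:
        problems.append("expired")
    elif days_left < min_days:
        problems.append(f"expires in {days_left} days")
    return problems

def fetch_cert(host, port=443, timeout=5):
    """Live variant: return the validated certificate the server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data: hostnames and certificate are invented for this example.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "cmp01.corp.example.com"), ("DNS", "*.eps.example.com")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}
SAMPLE_HOSTS = ["cmp01.corp.example.com", "CMP01", "eps2.eps.example.com"]
if __name__ == "__main__":
    as_of = datetime(2030, 1, 1, tzinfo=timezone.utc)
    for name in SAMPLE_HOSTS:
        print(name, check_hostname(name, SAMPLE_CERT, as_of) or "OK")
```

fetch_cert uses Python's default validation, so a self-signed or untrusted certificate raises ssl.SSLCertVerificationError instead of returning a dict.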

Configuring Application Website HTTPS

Once the SSL certificate has been imported into CPS (using the Certificates menu at the top), you can begin to configure your tenant, as follows:

  • In CPS, navigate to the Tenants page.

  • Select the blue drop-down icon next to the tenant name and select the Configure option.

  • Select the Website tab.

  • Use the drop-down under the IIS Bindings option to select the appropriate option: HTTP, HTTPS or HTTP + HTTPS.

  • Once you have selected an option containing HTTPS, a new option will appear called SSL Certificate. Use this drop-down to select the appropriate SSL certificate you previously uploaded.

  • Click Save at the bottom of the page.

CPS will now go through several steps in order to make the required change to your CMP tenant, and when complete you will be able to access the Certero Management Platform using the new URL bound on your designated method.

Configuring Endpoint Servers

For those Endpoint Servers not residing on the same server as the CMP application server, i.e. "stand-alone", you will need to perform the following steps:

Versions earlier than 8.4:

  • Log onto the Endpoint Server in question.

  • On the server desktop, you will see an application called Endpoint Server Configuration Tool. Right click on this and select Run as Administrator.

  • Select the appropriate option for either HTTP or HTTPS.

  • Input the port for your chosen method.

  • Click Test - this will confirm if the communication works with the configuration defined.

  • Click Apply.

  • Click OK to save the configuration.

Version 8.4 and later:

Refer to this article:

Website certificates and website bindings for stand-alone Endpoint Servers are managed by the familiar Windows IIS systems administration management console.

Renewing a CPS Website Certificate

CPS is assigned a self-signed certificate when first installed. Renewing/replacing the CPS website certificate is performed using the familiar Windows IIS systems administration management console.

The CPS website certificate does not need to be loaded into CPS via the CPS Certificates menu; however, it may well be if it's the same certificate being used to secure the application website.