Enterprise 11: Configure application Transport Layer Security

Continue from the Control Room installer to the Transport Layer Security (TLS) configuration wizard page. From this stage of the installation wizard, you generate a self signed certificate or import a security certificate to setup a highly secure Control Room instance.


  1. The TLS Configuration screen displays where you can either:
    • Generate a Self-Signed Certificate

      When the Self-Signed Certificate option is enabled, the installer generates a unique private key and a self-signed certificate for the Control Room.

    • Import a Certificate

      To import a custom certificate, disable the Self Signed Certificate check box and use the Certificate Path field to import a certificate.

      Note: The certificate file must be in the PKCS12 format.
      Provide the following information:
      • Certificate Path: Click the Browse button to import the certificate.

      • Private Key Password: Type the password for the private key.

        Important: Password Limitation: Do not use "@" in passwords. Using the special character "@" in the password causes the certificate file import to fail.
      • Webserver Port: Type the Webserver port – either HTTP or HTTPS. If the port is already assigned, an error message displays.
        Important: The port validation message is also displayed when you add 8080 for Webserver and if that is already in use for Control Room license service. Use a different unassigned port in above cases.
      • Enable Force HTTP traffic to HTTPS: To redirect all HTTP port requests to HTTPS. To access the Control Room via HTTPS using the generated self-signed certificate. Ensure the port number is different for both.
  2. Click Next to Enterprise 11: Configure service credentials.