Continue from the Control Room installer to the Transport Layer Security (TLS) configuration wizard page. From this stage of the installation wizard, you generate a self signed certificate or import a security certificate to setup a highly secure Control Room instance.

1. The TLS Configuration screen displays where you can either:
   • Generate a Self-Signed Certificate

     When the Self-Signed Certificate option is enabled, the installer generates a unique private key and a self-signed certificate for the Control Room.

   • Import a Certificate

     To import a custom certificate, disable the Self Signed Certificate check box and use the Certificate Path field to import a certificate.

     Note: The certificate file must be in the PKCS12 format.
     Provide the following information:

     • Certificate Path: Click the Browse button to import the certificate.

     • Private Key Password: Type the password for the private key.

       Important: Password Limitation: Do not use "@" in passwords. Using the special character "@" in the password causes the certificate file import to fail.
     • Webserver Port: Type the Webserver port – either HTTP or HTTPS. If the port is already assigned, an error message displays.
       Important: The port validation message is also displayed when you add 8080 for Webserver and if that is already in use for Control Room license service. Use a different unassigned port in above cases.
     • Enable Force HTTP traffic to HTTPS: To redirect all HTTP port requests to HTTPS. To access the Control Room via HTTPS using the generated self-signed certificate. Ensure the port number is different for both.
2. Click Next to Enterprise 11: Configure service credentials.