How to Enable SSL Communications

This topic applies to on-premises installations.

Follow the procedure below if your access point's website uses an SSL certificate not signed by a common Certificate Authority. This will ensure that each machine on which the CAM Agent is installed trusts the certificate.

To enable machines to communicate over SSL:

  1. Configure Internet Information Service (IIS) on the access point machine to support SSL. This involves obtaining a server certificate and installing it in IIS; see your IIS documentation for details.
  2. Ensure that the web server certificate is trusted by the CAM Administration Service machine, so the CAM Administration Service can test access point availability.
  3. Ensure that the web server certificate is trusted by machines that will use the https access point.
  4. If the Access Point is not yet installed, you can now install it and specify https be used. If it was previously installed using http, you can uninstall and reinstall it, or modify the URL in the CAM Database directly as follows:
    1. Bring up SQL Server Management Studio and connect to the SQL instance running your CAM database using your CAM database credentials.

    2. Bring up a query window and issue the following query: SELECT * FROM middletieraccesspoints

    3. Make note of the accesspointid of the Access Point you are updating.

    4. Issue the following query: UPDATE middletieraccesspoints SET accessstring='https'+SUBSTR(accessstring,5) WHERE accesspointid=<noted-accesspointid>

  5. Install the CAM Agent and specify the https access point.

Notes:

  • If you use a certificate from a common Certificate Authority, you can skip steps 2 and 3, as machines should already trust certificates signed by VeriSign, Thawte, Entrust, and so on.
  • If your organization uses a certificate it signs, you are probably already aware of the issues of getting machines to trust that certificate. In steps 3 and 4, above, it's recommended that the root certificate for the web server's certificate be installed in the Trusted Root Certificate Authorities store for the local computer.