Welcome to our docs site. Docs on this site are for ACP version 9.
See these links for previous versions: Version 8, Version 7

Communications Security

You can enable Frontend TLS settings for your Platform during installation, or, once the Platform is running, you can modify those settings from the Security>Communication Security page in the SOC. Internal encryption settings can only be configured during installation, and are not affected by settings on this page.

Before making changes to the communication security on your Platform, see more about on TLS/SSL certificates.

Enabling TLS for a Platform

You can change enforcement for your Platform in the TLS Enforcement section of the Communication Security page.

TLS Enforcement means that traffic (including traffic to guest applications) on HTTP is automatically re-directed to HTTPS. If disabled, TLS enforcement does not disable HTTPS or require all User traffic to be re-directed to HTTP. This means that the Tenants may always use TSL to access their guest applications even if it is not required. It also means that applications where TLS is enforced on a per-application basis (as configured through the Developer Portal) will use TLS even if Platform-wide Enforcement is disabled.

To enable, click Enable TLS Enforcement. Once enabled, all future traffic (including traffic to guest applications) on HTTP is automatically re-directed to HTTPS, so there is no Tenant disruption – even if the User is already logged in to the Platform.

If TLS enforcement is enabled, this option is Disable TLS Enforcement which you can use to disable enforcement at any time.

Updating the TLS Certificate

In the Frontend TLS Certificate section you can specify an TLS certificate the Platform will use to encrypt frontend traffic.

To update,

  1. select the Cloud you want to update with a new TLS certificate (for a single-cloud installation, only one option will appear)
  2. browse to the location of the certificate to upload
  3. enter the password for the certificate

Click Upload Certificate or Repair your HTTPS Bindings when you are finished.