For the HTTPS client, the Enterprise Console packages the latest Mozilla truststore cacerts.jks, as it contains standard certificates. The Enterprise Console creates a keystore.jks file which contains a self-signed certificate. This certificate is imported into cacerts.jks during installation or upgrade.

For production use, we recommend that you replace the self-signed certificate with a certificate signed by a third-party Certificate Authority (CA) or your own internal CA.

This page describes how to:

• enable HTTPS for the Enterprise Console during installation or upgrade.
• update the certificate to a signed one.
• customize keystore credentials.

The exact steps to implement security typically vary depending on the security policies for the organization. For example, if your organization already has a signed certificate to use, such as a wildcard certificate used for your organization's domain, you can import it into the keystore using the Enterprise Console's update-certificate command. Otherwise, you can obtain a new one along with a certificate signing request.