With the release of ESM 5.2 came the support for running both ESM interfaces to operate over SSL (https) for encryption purposes. To enable this follow the 3 steps below:
Step 1 – Enable https on the IIS instance on the management server. Leave HTTP turned on as well as it will be needed for server to server communication. When https is turned on apply either a self-signed certificate or issued certificate.
Step 2 – Make an attribute change to the web.config file for the user and admin interface. This change will cause both interfaces to redirect to https and not allow the interfaces to be used or logged into through regular http. The web.config folder for the two interfaces will be found in the web root folder when it was installed. Within that folder in the root there will be a web.config for the user interface. Within that root will be an admin folder within that is the web.config for the admin interface. The change is the same in both. I will give just a brief example of the layout for section reference and the change needed. The required SSL attribute will be set to True in both instances.
<Forms> requireSSL = “True”
Step 3 – Within the web root folder there should be a “services” folder. Open this folder and edit the web.config file. There will be a section for <webhttpbinding> with a security attribute. Make sure it is set from "None" to “Transport”.