# Enabling HTTPS (from 123181) | v12 | Network Configuration Manager Help ## Enabling HTTPS Configuration Steps to enable HTTPS in NCM: (for version 123181 and above) 1. Go to **Settings → General Settings → Security Settings** ![Security settings](https://www.manageengine.com/network-configuration-manager/help/images/ssl-ncm.JPG) 2. Enable the **"Secure Mode"** button. ![secure mode](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-2.png) 3. Once the button is enabled, you will be prompted to choose from three options, namely: - Generate a CSR - Self-signed Certificate - Import Certificate ![SSL configuration](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-3.png) ### 4) Generate CSR This option helps you generate a Certificate Signing Request (CSR). A CSR or Certificate Signing Request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate will be installed and contains information that will be included in the certificate such as the organization name, common name (domain name), locality, and country. It also contains the public key that will be included in the certificate. A private key is usually created at the same time that you create the CSR, making a key pair. A CSR is generally encoded using ASN.1 according to the PKCS #10 specification. A certificate authority will use a CSR to create your SSL certificate, but it does not need your private key. You need to keep your private key secret. The certificate created with a particular CSR will only work with the private key that was generated by it. So if you lose the private key, the certificate will no longer work. ![Generate CSR](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-4.png) 5. Once you click on **Generate CSR**, you will have to fill out a few details for the certificate you want to create for use in NCM Server. ![Generate CSR](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-5.png) 6. On clicking the **Generate** button, your CSR and Server Key files will be downloaded as a ZIP. Extract the file and use the **"OpManager.csr"** file to get a signed certificate from a CA of your choice. ![Extract the file](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-6.png) After getting signed by the CA, you will receive a certificate file which you can import into NCM using the **Import Certificate** option discussed below. ### Self-Signed Certificate This option lets you enable SSL in NCM with a self-generated and self-signed certificate. This certificate is safe to use and is equally secure. However, browsers may display it as untrusted since it is not signed by a valid CA (Certificate Authority). ![Self-signed certificate](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-7.png) #### You will be prompted to restart NCM server for the changes to take effect. ![SSL Configuration](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-8.png) ### Import Certificate Use this option if you already have a valid certificate and key files, or a keystore or a PFX file with the certificate. ![Import certificate](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-9.png) #### Select a certificate file. ![select a certificate file](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-10.png) #### Select the appropriate "key" file. ![Select appropriate key file](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-11.png) #### Verify and choose Import. ![verify and choose import](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-12.png) #### If the certificate cannot be validated with trusted sources, you will be asked to provide the intermediate certificates and root certificate files. ![import certificate](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-13.png) #### Once uploaded, verify the certificate and click Import. ![Root certificate](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-14.png) #### On successful import, you will be prompted to restart NCM server. ![Restart NCM server](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-15.png) ### Importing from PFX or Keystore If you are using a Keystore or a PFX file, you will be prompted to input the password for opening the file. ![Importing from PFX](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-16.png) #### On clicking Fetch, you will be provided with a list of key entries present in the keystore. Choose a specific alias which is to be used to enable SSL in NCM. ![List of key entries](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-17.png) #### You will be shown a preview of the certificate information. Verify and click on Import to use the certificate. ![import](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-18.png) #### Finally, you will be prompted to restart NCM server for the changes to take effect. ![Restart NCM server](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-19.png) Finally, after enabling SSL through one of the above methods, you will be able to connect to NCM in secure mode: ![Enabling SSL](https://www.manageengine.com/network-configuration-manager/help/images/NCM-enabling-https-20.png)