Securing Trust Protection Foundation's web servers

To secure and protect all web services created and used by the system, Trust Protection Foundation automatically redirects HTTP requests to HTTPS and provides a server certificate. This method ensures that all inbound authentication processes are secure.

During installation, Trust Protection Foundation creates a self-signed Venafi Operational Certificate (VOC) for each Trust Protection Foundation server and places each certificate in the Venafi Operational Certificate folder of the policy tree.

CAUTION: You should never use a self-signed certificate in production. The self-signed certificate generated by the Trust Protection Foundation server is for convenience in development or test environments only. For production environments, install your own CA-issued certificate. To replace the self-signed certificate, see Replacing the Venafi Operational Certificate with your own CA-signed certificate.

Exceptions to HTTPS Redirects

Because encryption is built into the SCEP protocol used by Network Device Enrollment, SSL/TLS is not enforced for it as it is for other Trust Protection Foundation web services. This is useful for servicing certificate enrollment requests from legacy SCEP clients that do not support SSL/TLS (HTTPS).