Securing Trust Protection Platform's web servers

To secure and protect all web services created and used by the system, Trust Protection Platform automatically redirects HTTP requests to HTTPS and provides a server certificate. This method ensures that all inbound authentication processes are secure.

During installation, Trust Protection Platform creates a self-signed Venafi Operational Certificate (VOC) for each Venafi server and places these certificates in the Venafi Operational Certificate folder of the policy tree.

CAUTION: You should never use a self-signed certificate in production. The self-signed certificate generated by the Trust Protection Platform server is for convenience in development or test environments only. For production environments, install your own CA-issued certificate. To replace the self-signed certificate, see Replacing the Venafi Operational Certificate (VOC) with your own CA-signed certificate.

Exceptions to HTTPS Redirects

Because encryption is built into the SCEP protocol used by Network Device Enrollment, SSL/TLS is not enforced for it as it is for other Venafi web services. This is useful for servicing certificate enrollment requests from legacy SCEP clients that do not support SSL/TLS (HTTPS).
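
One way to confirm the redirect behavior and inventory its exceptions is to request each service path over plain HTTP without following redirects. This is an added example, not Venafi code: the stand-in server, the host name tpp.example.test and the paths /web-demo and /scep-demo are constructed for illustration and are not Trust Protection Platform URLs.

```python
import http.client
import http.server
import threading
from urllib.parse import urlsplit

def audit_redirects(host, port, paths, timeout=5):
    """GET each path over plain HTTP, without following redirects, and classify it."""
    results = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            location = resp.getheader("Location", "")
            if 300 <= resp.status < 400 and urlsplit(location).scheme == "https":
                results[path] = "redirects-to-https"
            elif 200 <= resp.status < 300:
                results[path] = "served-over-http"  # expected only for documented exceptions
            else:
                results[path] = "other-%d" % resp.status
        finally:
            conn.close()
    return results

class _StandIn(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in server; both paths are hypothetical, not Venafi URLs."""
    def do_GET(self):
        if self.path.startswith("/scep-demo"):
            self.send_response(200)  # exception: answered over plain HTTP
        else:
            self.send_response(301)  # everything else is sent to HTTPS
            self.send_header("Location", "https://tpp.example.test" + self.path)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), _StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_redirects("127.0.0.1", server.server_port, ["/web-demo", "/scep-demo"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Any path reported as served-over-http that is not a documented exception such as SCEP enrollment deserves investigation.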