4.6. Configuring SSL Connections with the TPS

By default, the TPS communicates with the Enterprise Security Client over standard HTTP. It is also possible, and in many situations desirable, to secure the TPS-client communications by using HTTP over SSL (HTTPS).

The Enterprise Security Client has to have the CA certificate for the CA which issued the TPS's certificates in order to trust the TPS connection. From there, the Enterprise Security Client can be configured to connect to the TPS's SSL certificate.

Download the CA certificate used by the TPS.
1. Open the CA's end user pages in a web browser.
```
https://server.example.com:9444/ca/ee/ca/
```
2. Click the Retrieval tab at the top.
3. In the left menu, click the Import CA Certificate Chain link.
4. Choose the radio button to download the chain as a file, and remember the location and name of the downloaded file.
Open the Enterprise Security Client.
Import the CA certificate.
1. Click the View Certificates button.
2. Click the Authorities tab.
3. Click Import.
4. Browse to the CA certificate chain file, and select it.
5. When prompted, confirm that you want to trust the CA.
The Enterprise Security Client needs to be configured to communicate with the TPS over SSL; this is done by setting the Phone Home URL, which is the default URL the Enterprise Security Client uses to connect to the TPS.
Insert a new, blank token into the machine.
Blank tokens are unformatted, so they do not have an existing Phone Home URL, and the URL must be set manually. Formatted tokens (tokens can be formatted by the manufacturer or by your IT department) already have the URL set, and thus do not prompt to set the Phone Home URL.
Fill in the new TPS URL with the SSL port information. For example:
```
https://server.example.com:7890/cgi-bin/home/index.cgi
```
Click the Test button to send a message to the TPS.
If the request is successful, the client opens a dialog box saying that the Phone Home URL was successfully obtained.