Configure your IIS web serverA server that provides web pages to client browsers using the HTTP protocol. to use a certificate .

To create or import a certificate:

1. Open Internet Information Services (IIS)A set of Internet-based services created by Microsoft® Corporation for internet servers. Manager.
2. Choose Server.
3. In the left pane, under IIS click Server Certificates.
4. Under Action, you can import an existing certificate or create a self-signed certificateA certificate that is signed by the person or application creating it rather than a trusted certificate authority. A certificate is used to encrypt the data during transmission..

Ensure that HTTPS binding is enable for the web server hosting the GFI OneGuard site:

1. Open Internet Information Services (IIS) Manager.
2. Expand Server > Sites.
3. Right-click on Default Web Site and select Edit Bindings.
4. Click Add... and select HTTPS.
5. The default port is set to 443. If another port needs to be used it can be changed here.
6. Under SSL certificate, select the certificate imported or created previously.
7. Click OK twice.
8. Click Close to complete the process.

Enforce the use of SSL to ensure that GFI OneGuard uses HTTPS to access the web interface:

1. Open Internet Information Services (IIS) Manager.
2. Browse to Server > Sites > Default Web Site.
3. Choose the GFI OneGuard virtual directory. (default is OneGuard)
4. In the left pane, under IIS click SSL Settings.
5. Select Require SSL
6. In the Client Certificates options, select Require.
7. Click Apply.

Update communication settings from the Platform to use HTTPS:

1. Verify that you have access to the GFI OneGuard web interfaces using the revized connection settings. Depending on the settings applied in the previous steps, the GFI OneGuard URLThe Uniform Resource Locator is the address of a web page on the world wide web. probably changes in the following structure:
   https://<servername/IP>:<new port>/<GFI OneGuard virtual directory>
   for example:
   https://myserver.example.com:443/OneGuard
   
2. When the new URL is confirmed and the login screen is shown, log into the GFI OneGuard Platform and click Settings .
3. From the left pane choose Network Control.
4. Turn on Custom ControllerA GFI OneGuard component automatically discovers devices connected to the network, acting as a relay that channels communications between Agents and Platform. Settings.
5. Select HTTPS.
6. Key in a port number, for example, 443. Use the same port selected inr the HTTPS binding of the IIS configuration, and make sure the port is open on the firewall.
7. To add a further layer of security, you can enforce the use of authentication by selecting Requires authentication. Enter a custom set of credentials in the Username and Password fields. These do not have to be a domain or system credentials, but a custom set which would also be configured in the Controller as an added measure of authentication. Take note of these credentials as they need to be specified in the next step.
8. Click Save Settings.

All Controller instances need to be updated to communicate with the Platform using HTTPS:

1. Log in to the server where the Controller is installed.
2. Right-click the GFI OneGuard Controller icon in the system tray and click Open.
3. Click Configure... in the Controller main window.
4. Go to the Communication tab and select Platform.
5. Click in the Server address field.
6. Type the new port number as configured in IIS (default port for HTTPS is 443) and select HTTPS.
7. Click OK.
8. Update the other settings in the Communication tab as required. For more information refer to Communication - Platform..

Repeat this step for all Controller instances deployed in your environment.