Shashi Bhushan http://systemcentermvp.

com

Configure SCOM Web URL to use HTTPS (SSL) only

Recently we got a request from one of our clients to configure the SCOM Web Console URL to use HTTPS
only as their security team raised a concern using HTTP Web URLs.

I also recommend using SSL for the Web URLs as the encryption within HTTPS is intended to provide
benefits like confidentiality, integrity and identity. Your information remains confidential from prying
eyes because only your browser and the server can decrypt the traffic. Integrity protects the data from
being modified without your knowledge.

So, before you start, make sure your SCOM Web Console is working fine.

Since our Web Console is working fine, we can proceed further.

In order to configure SCOM Web Console URL to use HTTPS, we need a SSL Certificate and for that we
need to request the certificate from the server which has Web Console role installed.

Below post explains how to generate a SSL Certificate:

http://systemcentermvp.com/2016/10/12/csr-creation-ssl-certificate-scom-2012-r2/
Shashi Bhushan http://systemcentermvp.com

Once you have obtained the new Certificate, save it under preferred location on Management Server.

In our case, we have saved the Certificate file cert.p7b under C:\temp folder.

Open PowerShell as Administrator and fire below cmdlet:

Import-Certificate -FilePath C:\temp\cert.p7b -CertStoreLocation cert:\LocalMachine\My

The installed certificate should be visible under IIS Manager.

Shashi Bhushan http://systemcentermvp.com

Since the Certificate is successfully imported, it’s time to configure the bindings.

1: Expand Sites, click on Default Web Site and click on Bindings option.
Shashi Bhushan http://systemcentermvp.com

2: Click on Add button under Site Bindings window.

Shashi Bhushan http://systemcentermvp.com

3: Select https from Type dropdown list and ensure Port 443 is selected.

4: Select the certificate from SSL certificate dropdown list and click OK.
Shashi Bhushan http://systemcentermvp.com

The binding should reflect under Site Bindings window. Click Close button to close the wizard.
Shashi Bhushan http://systemcentermvp.com

Once the binding is done, we need to setup the IIS to accept SSL connections.

1: Expand Sites, click on Default Web Site and double click on SSL Settings option.
Shashi Bhushan http://systemcentermvp.com

2: Put check mark on Require SSL option and click Apply.

Shashi Bhushan http://systemcentermvp.com

IIS configuration is done, now it’s time to make the changes under Web Addresses setting in SCOM
Console.

1: Expand Security option under Administration tab and click on Settings.

2: Double click Web Addresses option.

3: Select https:// from dropdown list under Web console option.

4: Click on Test button to test the URL.

Shashi Bhushan http://systemcentermvp.com

The URL with SSL should be working same way it was working before without SSL.

Hope this helps.