When web applications are being accessed across the internet, there is always the possibility of usernames and passwords being intercepted by intermediaries (eg. between your computer and the server). It is often a good idea to enable access via HTTPS (HTTP over SSL), and require its use for pages where passwords are sent. Celoxis is bundled with a self-signed certificate and is accessible with SSL using: https://<server-name>:8843/psa/user.do

In case you do not want to use the default self-signed certificate, and want to generate your own certificate or use one provided by companies like Verisign, Thawte, etc. Please read Tomcat documentation. We recommend that you use the file .keystore already present in psa_x.y.z directory as your keystore file so that every time you upgrade, you will only need to copy this file over to the new directory.

In case you need to change the SSL port, you will need to edit psa_x.y.z/conf/server.xml file and replace 8843 with the desired value.

	Note
	Any change you make to the keystore or the SSL port will need to be copied over every time you upgrade your version of Celoxis.