17.4 Changing a Non-Secure (HTTP) Environment to a Secure (HTTPS) Environment

If you are running a non-secure staging environment and are ready to move to production, perform the following steps to enable security.

  1. Change the protocol of the Identity Server configuration to HTTPS. (See Section 12.4, Configuring Secure Communication on Identity Server.)

  2. Replace the test certificates with your own. (See Section 19.1.2, Using Access Manager Certificates or Section 19.1.3, Using Externally Signed Certificates.)

  3. Update all devices that trust this Identity Server configuration.

    This causes the Embedded Service Provider to reimport the metadata of Identity Server.

  4. (Conditional) If you have set up federation, reimport metadata for trusted service and identity providers. (See Section 2.7.7, Managing Metadata.)

  5. Change the Access Gateway configuration to HTTPS. (See Configuring Access Gateway for SSL.)
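Steps 3 and 4 exist because metadata held by trusting devices and federation partners still carries the old HTTP URLs until it is reimported. The following check is an added example, not part of the product documentation: it scans a metadata document for URLs that still use `http://`. It assumes SAML 2.0 metadata; the hostname, paths, sample document, and the function name `insecure_endpoints` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Attributes in SAML 2.0 metadata that normally carry the provider's URLs.
URL_ATTRS = ("entityID", "Location", "ResponseLocation")

# Constructed sample (not from a real deployment): the entity ID and one
# endpoint were updated to HTTPS, two URLs still point at the HTTP listener.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com:8443/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com:8443/slo"
        ResponseLocation="http://idp.example.com:8080/slo_return"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idp.example.com:8080/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def insecure_endpoints(metadata_xml):
    """Return (element, attribute, url) for every URL still using http://."""
    # Parse only metadata you exported yourself; use a hardened parser
    # such as defusedxml for XML received from an untrusted party.
    root = ET.fromstring(metadata_xml)
    findings = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        for attr in URL_ATTRS:
            url = elem.get(attr)
            # Flag explicit http only; URN-style entity IDs are left alone.
            if url and urlsplit(url).scheme.lower() == "http":
                findings.append((tag, attr, url))
    return findings


if __name__ == "__main__":
    for tag, attr, url in insecure_endpoints(SAMPLE_METADATA):
        print(f"stale HTTP URL in {tag}/@{attr}: {url}")
```

An empty result for every trusting device and federation partner indicates that the reimported metadata no longer advertises the HTTP listener.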