The identity applications and Identity Reporting use HTML forms for authentication. As a result, the login process might expose user credentials. NetIQ recommends that you enable SSL protocol to protect sensitive information. SSL protocol ensures that all communication between Identity Manager components is secured.
You must have certificates to configure Tomcat server to communicate using SSL. You can obtain certificates in two ways:
External trusted Certificate Authority (CA) issued certificate
On Linux, the installation program automatically configures Identity Applications and Identity Reporting components with a secured connection (HTTPS) using the certificate issued by the Identity Vault. For a production environment, you are recommended to use a certificate issued by an external Certificate Authority. You need to manually configure a secured connection on Windows.