How to Configure the Orchestrator Web Service to use HTTPS
Updated: May 13, 2016
Applies To: System Center 2012 SP1 - Orchestrator, System Center 2012 - Orchestrator, System Center 2012 R2 Orchestrator
Use the following steps to configure Secure Sockets Layer (SSL) for the System Center 2012 - Orchestrator web service and Orchestration console.
To configure the Orchestrator web service to use Secure Sockets Layer (SSL)
Request and install a certificate on the computer where you installed the Orchestrator web service. For guidance about requesting and installing a certificate, see How to implement SSL in IIS on the Microsoft Support website.
Configure SSL on the machine that hosts the web service and Orchestration console. The default port for the web service is port 81, and the default port for the Orchestration console is port 82. You should configure the ports as appropriate for your installation.
You can configure the bindings by performing the following steps:
Open Internet Information Services (IIS) Manager.
In the Connections pane, expand the Orchestrator web server, expand Sites, and then click Microsoft System Center 2012 Orchestrator Web Service.
In the Actions pane, click Bindings.
In the Site Bindings dialog box, click Add.
In the Add Site Binding dialog box, in the Type box, select https and select your SSL certificate.
Specify the Port to use. The default of 443 is recommended.
In the Microsoft System Center Orchestrator 2012 Orchestration Web Service pane, under IIS, double-click SSL settings.
In the SSL Settings pane, select Require SSL.
Repeat the procedure for Microsoft System Center 2012 Orchestrator Orchestration Console using a different port. Port 444 is recommended.
For more information about securing Internet Information Services (IIS) 7, see Configure Web Server Security (IIS 7).
To update the Orchestration console web.config file
On your Orchestrator web server, locate the web.config file at C:\Program Files (x86)\Microsoft System Center 2012\Orchestrator\Orchestration Console .
Open web.config in an editor.
Locate the service URI key, and update the key to connect to the web service through HTTPS. For example: change <add key="ScoServiceUri" value="http://<domain>:81/Orchestrator2012/Orchestrator.svc/"/> to <add key="ScoServiceUri" value=" https://<domain>:443/Orchestrator2012/Orchestrator.svc/"/>.
If you used a port for the web service other than 443, then use that port number.