HTTPS adds a layer of security over your data by using SSL/TLS protocols to encrypt the data transmitted between the web server and the web browser (ie. the client). This encryption ensures that even if someone intercepts the data, they won't be able to understand or modify it easily. This workflow is called the TLS Handshake.
To use HTTPS in production, you’ll need to first obtain digital certificate from a Certificate Authority (CA). To obtain a digital certificate you will need to generate a Certificate Signing Request (CSR) from your server which contains your generated public key and identity information. The CA will verify and issue you a Digital Certificate that you can supply Iguana along with your generated private key.
For test purposes, Iguana X includes a sample self-signed certificate file (cert.pem) and private key file (key.pem) that can be used. These can be found in the web configurations file:
<instance directory>/configurations/web/
You can enable HTTPS by adding your file paths to the Web Configuration File or through the Web Server Settings following the steps below: