Secure Communication

SSL certificate files are required for secure communication with REST. Make sure you generate these files before you begin this procedure.

Follow these steps:

Navigate to the following folder
```
nginx_install_dir/conf
```
This folder contains pam-rest.conf file.
Open the pam-rest.conf file.
Edit the following block of code:
```
## HTTPS
upstream sslcluster  {
  server <Enter node1 hostname here>:7443 max_fails=3 fail_timeout=5s;
  server <Enter node2 hostname here>:7443 max_fails=3 fail_timeout=5s;
}	
```
Replace the Enter node1 hostname here placeholders with a valid value. Do not change the port numbers unless you use a different port for the CA Process Automation node.

Repeat these steps for each additional node that you install.

Update the following lines by specifying the location of c2ocert.pem and c2okey2.pem files (in the nginx_installed_location\conf directory).

ssl_certificate      <certificate_location\c2ocert.pem>;

ssl_certificate_key  <certificate_location\c2okey2.pem>;

For example:

ssl_certificate      <nginx_install_dir\conf\c2ocert.pem>;

Save and close the pam-rest.conf file.
Open the nginx.conf file.
Add the following entry in the http block at the end of the nginx.conf file:
```
include nginx_install_dir/conf/pam-rest.conf;
```
This entry links NGINX with the configuration changes you made for CA Process Automation in the pam-rest.conf file.
Save and close the nginx.conf file.
Important! Perform the rest of these steps after you install at least one Orchestrator node. See Interactive Domain Orchestrator Installation or Unattended Domain Orchestrator Installation for instructions.
Once you have installed at least one Orchestrator node, open the nginx_install_dir/conf/nginx.conf file.
Save and close the nginx.conf file.
Stop NGINX. In a command prompt, navigate to the NGINX directory location and enter:
- Windows:
```
nginx -s stop
```
- Linux:
```
service nginx  stop
```
Restart NGINX.
The changes take effect.