By default, on the Site Server, the CEM port is 443. It can be customized in the "Cloud-enabled Management Site Server Settings" policy located under Settings->Notification Server->Cloud-enabled Management. When you assign the port in this policy and assign the Site Server to the proper CEM site, as JoeVan wrote above, this policy will come to your Site Server and create the required binding in IIS automatically. This also happens when the port value is changed in the policy: all Site Servers will receive the change and re-create the binding.
On the Gateway: in order for the whole chain to work (Client<->IG<->SiteServer), you also need to add the Site Server description in the gateway UI, as JoeVan mentioned. This description needs to be updated manually when you change the port in the "Cloud-enabled Management Site Server Settings" policy. When choosing the ports, be aware that on the Gateway, no other application should use the ports that you assign in the gateway; e.g., if IIS is installed on the gateway for some reason, then they will conflict if using the same ports.
Here are a couple of quite good articles describing how to configure and troubleshoot HTTPS and CEM, which could be worth reading:
https://www-secure.symantec.com/connect/articles/how-install-cem-functionality-smp-75-sp1
https://www-secure.symantec.com/connect/articles/about-different-cases-troubleshooting-cem-functionality
UPD: Corrected above: 4726 is the default for 8.0. For pre 8.0 it is 443.