# Add a SSL Certificate

<div align="left"><figure><img src="/files/ZGZKDo2Ujdz9md8AooZz" alt=""><figcaption></figcaption></figure></div>

To access the Nodeum Console securely, you can configure it with an SSL certificate. This guide provides instructions using the following parameters:

**Server Details:**

* **Hostname:** `nodeum.mydomain.com`
* **IP Address:** `10.1.2.3`

**Nodeum Ansible Package:**

* **Location:** `~/v1-x-y/`

**SSL Certificate Details:**

* **Validity Period:** `365 days`
* **Private Key File:**
  * **Name:** `private.key`
  * **Location:** `~/v1-x-y/files/nodeum_certs/`
* **Certificate File:**
  * **Name:** `public.crt`
  * **Location:** `~/v1-x-y/files/nodeum_certs/`

Follow these parameters to successfully implement SSL on your Nodeum Console.

### **Generating a Self-Signed Certificate**

Navigate to the `/files/` directory within the Nodeum Ansible inventory folder to execute the command.

```bash
$ cd ~/v1-x-y/files/
$ openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout 
./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/
CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,
IP:127.0.0.1,IP:10.1.2.3"
```

### Ensure proper generation of certificates.

The certificates will be used by Nginx (Console UI and API) to enable SSL. Additionally, the public certificate is employed by certain services.

```bash
$ cd ~/v1-x-y/files/nodeum_certs
$ ls -l
total 8
-rw------- 1 root root 3272 Mar 29 13:17 private.key
-rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt
```

### Enable SSL

To enable SSL after completing the task, update the Nodeum Ansible inventory file accordingly.

<pre class="language-bash"><code class="lang-bash"><strong>$ cd ~/v1-x-y/inventory/host_vars/
</strong><strong>$ vi srv01
</strong>... 
# If there is no default network interface defined or you want to override it
# iface_name: eth0
<strong>rails_ssl_enabled: yes
</strong>... 
</code></pre>

Proceed to run the Nodeum Ansible playbook to complete the installation.

{% hint style="info" %}
Once HTTPS is enabled, Nodeum's HTTP Console access is disabled. All HTTP requests are automatically redirected to HTTPS.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nodeum.io/security-guide/add-a-ssl-certificate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.