# Add a SSL Certificate
To access the Nodeum Console securely, you can configure it with an SSL certificate. This guide provides instructions using the following parameters:
**Server Details:**
* **Hostname:** `nodeum.mydomain.com`
* **IP Address:** `10.1.2.3`
**Nodeum Ansible Package:**
* **Location:** `~/v1-x-y/`
**SSL Certificate Details:**
* **Validity Period:** `365 days`
* **Private Key File:**
* **Name:** `private.key`
* **Location:** `~/v1-x-y/files/nodeum_certs/`
* **Certificate File:**
* **Name:** `public.crt`
* **Location:** `~/v1-x-y/files/nodeum_certs/`
Follow these parameters to successfully implement SSL on your Nodeum Console.
### **Generating a Self-Signed Certificate**
Navigate to the `/files/` directory within the Nodeum Ansible inventory folder to execute the command.
```bash
$ cd ~/v1-x-y/files/
$ openssl11 req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout
./nodeum_certs/private.key -out ./nodeum_certs/public.crt -subj "/
CN=nodeum.mydomain.com" -addext "subjectAltName=DNS:nodeum.mydomain.com,DNS:localhost,
IP:127.0.0.1,IP:10.1.2.3"
```
### Ensure proper generation of certificates.
The certificates will be used by Nginx (Console UI and API) to enable SSL. Additionally, the public certificate is employed by certain services.
```bash
$ cd ~/v1-x-y/files/nodeum_certs
$ ls -l
total 8
-rw------- 1 root root 3272 Mar 29 13:17 private.key
-rw-rw-r-- 1 root root 1927 Mar 29 13:17 public.crt
```
### Enable SSL
To enable SSL after completing the task, update the Nodeum Ansible inventory file accordingly.
$ cd ~/v1-x-y/inventory/host_vars/
$ vi srv01
...
# If there is no default network interface defined or you want to override it
# iface_name: eth0
rails_ssl_enabled: yes
...
Proceed to run the Nodeum Ansible playbook to complete the installation.
{% hint style="info" %}
Once HTTPS is enabled, Nodeum's HTTP Console access is disabled. All HTTP requests are automatically redirected to HTTPS.
{% endhint %}
