--- myst: html_meta: "description lang=en": "Configure Kasm Workspaces with your own SSL certificates for your domain." "keywords": "Kasm, How to, How-to, SSL, Certificates, HTTPS, Custom Domain, Sub-Domain" "property=og:locale": "en_US" --- ```{title} Custom Certificates ``` # Replacing Self-Signed Certificates During installation, the system creates self-signed certificates that are used when connecting to the Web UI. Administrators may wish to replace these with valid, trusted certificates for the domain Kasm is to be published on. An alternative is to place Kasm Server behind a self-managed reverse proxy such as Nginx or Caddy. See the [Reverse Proxy](reverse_proxy.md) documentation for more details on this configuration. Acquiring valid certificates is outside the scope of this document, but once acquired, the following steps may be used to replace Kasm's self signed certificates. The certificate and key must be in **PEM** format. ```{note} For multi-server installations, repeat the following steps on each Web App role. ``` - Stop the Kasm Services. ```Bash sudo /opt/kasm/bin/stop ``` - Replace `kasm_nginx.crt` and `kasm_nginx.key` files. ```Bash sudo cp /opt/kasm/current/certs/kasm_nginx.crt sudo cp /opt/kasm/current/certs/kasm_nginx.key ``` - Start the Kasm Services. ```Bash sudo /opt/kasm/bin/start ``` - Test if nginx is running correctly. Wait 30 seconds. ```Bash sudo docker ps | grep kasm_proxy ``` - Ensure that the container has been running for more than 30 seconds.