This guide explains how to enable HTTPS and provide certificates for the Management Console and core services.
Supported Formats
You can use either:
- PFX/PKCS#12 (
.pfx,.p12) - PEM certificates (
.pem,.crt,.cer) plus a separate private key file (.key)
PEM deployments require both the certificate file and its private key file.
Configuration Keys
Add these to Proxus-config.toml (or equivalent environment variables):
| Key | Purpose |
|---|---|
| SSL-Certificate-Name | Certificate file name (PFX or PEM). |
| SSL-Certificate-Password | Password for PFX or encrypted PEM key (if required). |
| SSL-Certificate-Key-Name | Private key file name for PEM deployments (e.g., example.key). |
| UI-HTTPS-Port | HTTPS port for the Management Console. |
| WEBApi-HTTPS-Port | HTTPS port for the REST API. |
| Server-HTTPS-Port | Secure gRPC port for the core service. |
PFX Example
[Service]
UI-HTTPS-Port = "8443"
WEBApi-HTTPS-Port = "8445"
Server-HTTPS-Port = "8447"
SSL-Certificate-Name = "example.pfx"
SSL-Certificate-Password = "change-me"PEM Example
[Service]
UI-HTTPS-Port = "8443"
WEBApi-HTTPS-Port = "8445"
Server-HTTPS-Port = "8447"
SSL-Certificate-Name = "example.pem"
SSL-Certificate-Key-Name = "example.key"
# SSL-Certificate-Password = "optional-if-key-is-encrypted"Placement
Place certificate files in the config directory used by the platform:
- Local: the
config/folder next to the runtime - Containers: mount the same
config/directory into the container
Notes
- If a PEM key is encrypted, provide
SSL-Certificate-Password. - Ensure the HTTPS port keys are set; HTTPS remains disabled if ports are not specified.