# Enabling HTTPS for on-premise Xopero ONE installation

## Linux & Windows

### <mark style="background-color:blue;">Configuration</mark>

1. Open the **appsettings.json** file located in the **Xopero ONE Management Service** installation directory:
   * **Windows (default):** `C:\Program Files\Xopero ONE Backup&Recovery`
   * **Linux (default):** `/opt/XoperoONEManagementService`

{% hint style="info" %}
The file is a standard **JSON** configuration file that needs to be modified.
{% endhint %}

2. Locate the `"commented_out_Kestrel"` section, which by default looks like this:

```json
"commented_out_Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://*:5000"
}
```

3. Modify the section by removing the `commented_out_` prefix and providing the HTTPS configuration as follows:

```json
"Kestrel": {
"Endpoints": {
      		"Http": {
      		 		"Url": "http://*:5000"
      },
		"Https": {
				"Url": "https://*:5001",
				"Certificate":{
						"Path": "<.pfx file path>",
						"Password": "<certificate password>"
		}
	  }
    }
  }
```

**Path** - path to .pfx file (Remember to use double slash, so in case you're keeping the certificate in **C:\cert.pfx** directory provide the path in the following way: **C:\\\cert.pfx)**&#x20;

* **Path:** full path to the `.pfx` certificate file. Remember to use double backslashes on **Windows**. For example, if the certificate is located at `C:\cert.pfx`, enter it as:

  ```json
  C:\\cert.pfx
  ```
* **Password:** the password for the certificate.

{% hint style="info" %}
Learn more about the **Kestrel** configuration on [the official **Microsoft** website](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-9.0).
{% endhint %}

### <mark style="background-color:blue;">Restarting the Xopero ONE Management Service</mark>

After editing the **appsettings.json** file, restart the **Xopero ONE Management Service** to apply the changes:

* On **Windows**:

```cmd
net stop XoperoONEManagementService
net start XoperoONEManagementService
```

* On **Linux**:

```bash
systemctl restart XoperoONEManagementService
```

{% hint style="danger" %}
After setting up HTTPS for the **Management Service**, you need to switch agent communication to HTTPS. To do this, locate the **config.json** file in the agent installation directory (by default: `C:\Program Files\Xopero ONE Backup&Recovery Agent`), open it in a text editor, and modify the `ServiceUrl` parameter to use the `https://` protocol. Save the changes and restart the agent to apply the new settings.
{% endhint %}

***

## Docker

### <mark style="background-color:blue;">Configuration</mark>

When deploying a container with your **Xopero ONE** service, you must include two additional environment variables: `ASPNETCORE_Kestrel__Certificates__Default__Path` and `ASPNETCORE_Kestrel__Certificates__Default__Password`. These variables define the path to your **SSL** certificate and its corresponding password, respectively.

As the **Value** of specific variables enter as follows:

* `ASPNETCORE_Kestrel__Certificates__Default__Path` — path to certificate in **.pfx** format.&#x20;
* `ASPNETCORE_Kestrel__Certificates__Default__Password` — password to certificate.&#x20;

Example:

<figure><img src="/files/UTI5FtGMRZOb8YgtA9tg" alt=""><figcaption></figcaption></figure>

It is essential to ensure that the certificate is stored in a **mounted and persistent location**, so that it remains available and is not removed or lost during container updates or redeployments.

{% hint style="warning" %}
It is important to note that, besides implementing the certificate on the management console host, all devices connecting to the console must also recognize this certificate as trusted. Therefore, when using a self-signed certificate, **you must import it on every device that will connect to the console**. Otherwise, the encrypted HTTPS connection may be rejected due to the certificate not being trusted.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://helpcenter.xopero.com/xopero-one-en/troubleshooting/enabling-https-for-on-premise-xopero-one-installation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.