---
sidebar_position: 1
sidebar_label: 'ssl'
---

# Secure Socket Layer/Transport Layer Security
Each realm has an SSL Mode associated with it. The SSL Mode defines the SSL/HTTPS requirements for interacting with the realm. Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they will not be allowed to interact with the server.

## Video Tutorial
import videojs from 'video.js';

<video id="my-video" class="vjs-fill vjs-default-skin" controls preload="auto" width="100%" height="100%" poster="/img/user-guide/ssl-mode.png" >
    <source src="/videos/user-guide/admin/admin-login.webm" type="video/webm"/>
</video>

## Reference instructions
Please follow the instructions below:

### SSL Mode

NPIS-IAM generates a self-signed certificate which unfortunately isn't secure, and shouldonly be used for testing purposes installing a CA-signed certificate in NPIS-IAM itself or on areverse proxy in front of the NPIS-IAM. The NPIS admin is advised to procure a **wildcard** for the domain npis.go.ug from a credible certificate authority.

![NPIS Admin console login](/img/user-guide/ssl-mode.png)

To configure the SSL Mode of a created or existing realm, the admin needs to click on the Realm Settings left menu item and go to the Login tab.
The **Require SSL** option allows you to pick the SSL Mode you want. Here is an explanation of each mode:



* external requests

    - Users can interact with NPIS-IAM without SSL so long as they stick to private IP addresses like localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. Any attempt to access NPIS-IAM without SSL from a non-private IP address you will get an error.
* none

    - NPIS-IAM does not require SSL. This should really only be used in testing
* all requests

    - NPIS-IAM requires SSL for all IP addresses.