Skip to content


By default, the Reactor UI and API are served on unencrypted connections. If you prefer to use encrypted connections, this document describes how to configure Reactor to do that.

You will, of course, need a server certificate. You can get this from a certificate issuer such as, or use a self-signed certificate. Your certificate will need to be in PEM format.

  1. Place your certificate and private key files in any directory accessible to Reactor at runtime. For bare-metal installs, this can be any accessible (to the runtime user) directory in the filesystem. For docker container users, you must locate the files in your Reactor config subdirectory.

  2. In your reactor.yaml configuration file, change the baseurl protocol from http: to https:.

  3. In your reactor.yaml configuration file, add the following two lines after the baseurl line (and indented to the same level with spaces):

    baseurl: "https://...:8111"
    pki_certfile: certificate-filename
    pki_keyfile: private-key-filename

    If simple filenames are given above, the files are assumed to be in the config subdirectory. Otherwise, they are assumed to be full pathnames to another filesystem location. If the certificate and private key are in the same file, you can omit the pki_keyfile line above.

  4. Restart Reactor.

  5. Open the Reactor UI using the new HTTPS URL (from baseurl in step 2 above).

If Reactor does not start, check the reactor.log file for messages. The most likely problem is that your certificate and private key files are not accessible (check the path and permissions), or that the certificate and private key files are not in the correct (PEM) format. If you still can't resolve the issue, simply restore the baseurl by undoing the edit done in step 2 above.

Creating a Self-Signed Certificate using OpenSSL

You can create a self-signed certificate by issuing the following command on most Linux systems that have OpenSSL installed:

    openssl req -x509 -nodes -newkey rsa:2048 -days 365 -keyout reactor.key -out reactor.crt

The certificate generated from this command will be valid for 365 days (-days option).

Updated: 2022-May-19