==============
Enabling HTTPS
==============


Before you begin, purchase an SSL certificate and download the
SSL ``*.cert`` file and SSL ``*.key`` file.

NOTE: If security is not an issue, for testing, you may set up a
self-signed SSL certificate. For more information, see
http://www.selfsignedcertificate.com/.

#. Save the SSL ``*.cert`` file and an SSL ``*.key`` file in your
   home directory.

#. Configure the server to use those keys and the correct ports::

     anaconda-server-config --set ssl_options.keyfile ~/localhost.key
     anaconda-server-config --set ssl_options.certfile ~/localhost.cert
     anaconda-server-config --set port 8443



#. Restart your server for the changes to take effect::

     supervisorctl restart all

#. To test, navigate to the site using ``https`` in the address
   bar.

   NOTE: If you use a self-signed SSL certificate, your web
   browser issues a warning that the website certificate cannot
   be verified.

Next, configure your client side tools ``conda`` and ``anaconda-client`` to pull packages from the local repo by setting the ``ssl_verify`` and ``verify_ssl`` flags.

Configure conda
===============

If your conda client is configured to point to this local repo, update the configuration file ``.condarc`` to contain the ``ssl_verify`` flag. If you're using a self-signed certificate, configure the ``ssl_verify`` flag in ``.condarc`` to point to the root CA used to sign the Anaconda Enterprise Repository server certificate.

Configure anaconda-client
=========================

If you're using ``anaconda-client`` to connect to Anaconda Enterprise Repository with the command line, set the ``verify_ssl`` flag. 

Use ``anaconda config --files`` to find the ``anaconda-client`` configuration files.

SEE the :doc:`command reference <../../../commandreference>` for updating the client sites configuration for ``anaconda-client``.
