# Setting a custom certificate

Tonic Textual provides a certificate for https traffic, but on a self-hosted instance, you can also use a user-provided certificate. The certificate must use the the PFX format and be named `solar.pfx`.

To use your own certificate, you must:

* Add the `SOLAR_PFX_PASSWORD` [environment variable](https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/textual-env-var-configure).
* Use a volume mount to provide the certificate file. Textual uses volume mounting to give the Textual containers access to the certificate.

You must apply the changes to both the Textual web server and Textual worker containers.

## Docker <a href="#custom-cert-docker" id="custom-cert-docker"></a>

To use your own certificate, you make the following changes to the **docker-compose.yml** file.

### Environment variable <a href="#custom-cert-docker-env-var" id="custom-cert-docker-env-var"></a>

Add the [environment variable](https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/textual-env-var-configure) `SOLAR_PFX_PASSWORD`, which contains the certificate password.

### **Volume mount** <a href="#custom-cert-docker-volume-mount" id="custom-cert-docker-volume-mount"></a>

Place the certificate on the host machine, then share it to the containers as a volume.

You must map the certificate to `/usr/bin/textual/certificates` on the containers.

Copy the following:

```
volumes:
        ...
        - /my-host-path:/usr/bin/textual/certificates
```

## Kubernetes <a href="#custom-cert-kubernetes" id="custom-cert-kubernetes"></a>

### Environment variable <a href="#custom-cert-kubernetes-env-var" id="custom-cert-kubernetes-env-var"></a>

You must add the [environment variable](https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/textual-env-var-configure) `SOLAR_PFX_PASSWORD`, which contains the certificate password.

### **Volume mount** <a href="#custom-cert-kubernetes-volume-mount" id="custom-cert-kubernetes-volume-mount"></a>

You can use any volume type that is allowed within your environment. It must provide at least [`ReadOnlyMany`](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) access.

You map the certificate to `/usr/bin/textual/certificates` on the containers. Within your web server and worker deployment YAML files, the entry should be similar to the following:

```
    volumeMounts:
    - name: <my-volume-name>
      mountPath: /usr/bin/textual/certificates
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/general-instance-and-processing-settings/textual-custom-certificate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.