--- title: "Rocket Chat SSL Support for Dev" slug: "supporting-ssl-for-development-on-rocketchat" description: "Learn how to configure SSL for Rocket Chat development. Enable secure mobile testing and safeguard collaboration workflows." updated: 2026-02-07T09:19:33Z published: 2026-02-07T09:19:33Z --- > ## Documentation Index > Fetch the complete documentation index at: https://developer.rocket.chat/llms.txt > Use this file to discover all available pages before exploring further. # Supporting SSL for Mobile Development The server must support SSL when working with mobile apps. As a "middle-tier application server," Rocket.Chat does not handle SSL itself. However, it works well with several production-ready reverse proxy servers you can configure to handle SSL. Your Rocket.Chat server may or may not be publicly accessible on the internet. Below are the instructions for configuring SSL for both scenarios. ## If Rocket.Chat server is publicly accessible on the Internet - If your server is publicly accessible, it is recommended that you use a service like [Let's Encrypt](https://letsencrypt.org/) to obtain your SSL certificates. - For Ubuntu users, it can be configured automatically using [Snaps](https://docs.rocket.chat/v1/docs/deploy-with-snaps). ## If Rocket.Chat server is not accessible on the Internet If your server is not accessible on the internet, you need to provide self-signed certificates to configure SSL on the server. The steps highlighted below are adapted from the resource [Self-Signed Certificate with Custom Root CA](https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309). ### 1 Create root CA 1. **Create root key**: The root key is crucial for signing certificate requests. Keep it secure, as it can sign certificates on your behalf. ```bash openssl genrsa -des3 -out Rocket.Chat-root.key 4096 ``` > [!NOTE] > If you want a non-password-protected key, remove the `-des3` option. 1. **Create and self-sign the root certificate**: Create the root certificate with the root key and distribute it to all computers that should trust you. ```bash openssl req -x509 -new -nodes -key Rocket.Chat-root.key -sha256 -days 1024 -out Rocket.Chat-root.crt ``` > [!WARNING] > Do not distribute this root certificate in production, as a breach could compromise all devices that trust it. ### 2 Create an SSL certificate 1. **Create the certificate key**: ```bash openssl genrsa -out mydomain.com.key 2048 ``` > Replace `mydomain.com` with your IP address. Bonjour local domains also work! 1. **Create the certificate signing request**: While creating the certificate signing request, it is important to specify the `Common Name` providing the IP address or URL for the service; otherwise, the certificate cannot be verified. ```bash openssl req -new -key mydomain.com.key -out mydomain.com.csr ``` 1. **Generate the SSL certificate**:****Use the `mydomain.com` CSR, along with the `Rocket.Chat-root` CA. ```bash openssl x509 -req -in mydomain.com.csr -CA Rocket.Chat-root.crt -CAkey Rocket.Chat-root.key -CAcreateserial -out mydomain.com.crt -days 365 -sha256 ``` ### Configuring SSL for Rocket.Chat The `mydomain.com.crt` and `mydomain.com.key` files generated above are used as the certificate and the private key to configure SSL. > To learn more about configuring your choice of SSL Reverse proxy servers, see [configuring SSL reverse proxy](https://docs.rocket.chat/setup-and-configure/environment-configuration/configuring-ssl-reverse-proxy). ### Trusting certificate authority All the devices that need to communicate with the server during development must trust the root certificate [generated earlier](/v1/docs/supporting-ssl-for-development-on-rocketchat#create-and-selfsign-the-root-certificate) (`Rocket.Chat-root.crt`). - For **Apple** devices, see [installing a CA’s root certificate on your test device](https://developer.apple.com/library/archive/qa/qa1948/_index.html#//apple_ref/doc/uid/DTS40017603-CH1-SECINSTALLING). - For **Android** devices, see [add & remove certificates](https://support.google.com/nexus/answer/2844832?hl=en). Once the root certificate has been installed successfully, the device can access Rocket.Chat over SSL. > If your device is not able to connect over SSL, ensure that the URL has `https://` explicitly typed out before it.