# TLS Encryption Most browsers can't load resources via HTTP and WS (WebSocket) from HTTPS web pages secured with TLS. Therefore, if the player is on an HTTPS page, the player must request streaming through "https" and "wss" URLs secured with TLS. In this case, you must apply the TLS certificate to the OvenMediaEngine. You can set the port for TLS in `TLSPort`. Currently, LLHLS and WebRTC Signaling support TLS. ```markup 8081 8082 1 3333 3334 1 ... 80 443 3333 3334 ... ``` Add your certificate files to as follows:

<!-- For API Server -->
<Managers>
  <Host>
    <Names>
      <Name>*</Name>
    </Names>
    <TLS>
      <CertPath>path/to/file.crt</CertPath>
      <KeyPath>path/to/file.key</KeyPath>
      <ChainCertPath>path/to/file.crt</ChainCertPath>
    </TLS>
  </Host>
  ...
</Managers>

<VirtualHosts>
  <VirtualHost>
    <!-- For Vitual Host -->
    <Host>
        <Names>
            <Name>*</Name>
        </Names>
        <TLS>
          <CertPath>/etc/pki/airensoft.com/_airensoft_com.crt</CertPath>
          <KeyPath>/etc/pki/airensoft.com/_airensoft_com.key</KeyPath>
          <ChainCertPath>/etc/pki/airensoft.com/_airensoft_com.ca-bundle</ChainCertPath>
        </TLS>
    </Host>

To enable HTTP for HLS and WebRTC signaling servers, you must enable the TLS element and install the certificate file in PEM format. This involves indicating a server certificate through the `CertPath`, as well as a private key file through the `KeyPath`. These paths can be specified as either absolute or relative paths from the executable. However, if the server certificate was issued using an intermediate certificate, some browsers may raise concerns about the certificate's authenticity. To address this, a bundle of chained certificates provided by a Certificate Authority can be set in the `ChainCertPath`. Assuming the certificate settings are correctly configured, WebRTC streaming can then be played via the wss\://url protocol, while LLHLS streaming can be accessed via [https://url](https://url/).