From 5a38a3f4db2882119b5665115f7f58412638a2c3 Mon Sep 17 00:00:00 2001
From: Georgi Michev <georgi.michev@vereign.com>
Date: Tue, 2 May 2023 08:59:38 +0000
Subject: [PATCH] Add instructions for SSL/TLS certificate creation

---
 README.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/README.md b/README.md
index 885764e..fefb631 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,31 @@ curl --location --request POST 'localhost:8500/realms/workspace/protocol/openid-
 
 Example JWKS URL for acquiring public keys for validating tokens: `localhost:8500/realms/workspace/protocol/openid-connect/certs`
 
+### SSL/TLS
+
+To access the Signing service through Nginx, using https://localhost:8080/signer/ 
+path, an TLS connection should be established. One easy way to do that is by
+using [mkcert](https://github.com/FiloSottile/mkcert) to create locally trusted certificates.  
+Instructions:
+1. Install [mkcert](https://github.com/FiloSottile/mkcert) by clicking the link
+and following the instructions for the respective OS
+2. Start the mkcert with this command:  
+```shell
+mkcert -install
+```
+3. Go to the "workspace" directory if not there already:  
+```shell
+cd $GOPATH/src/gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/workspace
+```
+4. Create the certificate for the localhost:  
+```shell
+ mkcert -cert-file nginx/localhost.crt -key-file nginx/localhost.key localhost
+```
+5. Restart the Nginx service if it is running (if not it will work when started):  
+```shell
+docker-compose restart nginx
+```
+
 ### License
 
 [Apache 2.0 license](LICENSE)
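
Review bot: Step 2 describes `mkcert -install` as "Start the mkcert", but that command creates a local CA and adds it to the system trust store, so the step should say so and state that this setup is for local development only, since anyone who obtains that CA's private key can issue certificates this machine will trust. In step 4 the private key is written to `nginx/localhost.key` inside the repository working tree; please confirm that the generated key and certificate are ignored by git, or add a line telling the reader not to commit them. Smaller points: "an TLS connection" should read "a TLS connection", the command in step 4 has a stray leading space, and the certificate covers only the name `localhost`, so reaching the service via `127.0.0.1` will fail verification unless that address is added to the mkcert arguments.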
-- 
GitLab