diff --git a/README.md b/README.md
index 885764e45eccbdd36a271e95a8bc480cbbed6af9..fefb6317d7746587c84d476f376be65e05f63dab 100644
--- a/README.md
+++ b/README.md
@@ -143,6 +143,31 @@ curl --location --request POST 'localhost:8500/realms/workspace/protocol/openid-
 
 Example JWKS URL for acquiring public keys for validating tokens: `localhost:8500/realms/workspace/protocol/openid-connect/certs`
 
+### SSL/TLS
+
+To access the Signing service through Nginx, using https://localhost:8080/signer/ 
+path, an TLS connection should be established. One easy way to do that is by
+using [mkcert](https://github.com/FiloSottile/mkcert) to create locally trusted certificates.  
+Instructions:
+1. Install [mkcert](https://github.com/FiloSottile/mkcert) by clicking the link
+and following the instructions for the respective OS
+2. Start the mkcert with this command:  
+```shell
+mkcert -install
+```
+3. Go to the "workspace" directory if not there already:  
+```shell
+cd $GOPATH/src/gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/workspace
+```
+4. Create the certificate for the localhost:  
+```shell
+ mkcert -cert-file nginx/localhost.crt -key-file nginx/localhost.key localhost
+```
+5. Restart the Nginx service if it is running (if not it will work when started):  
+```shell
+docker-compose restart nginx
+```
+
 ### License
 
 [Apache 2.0 license](LICENSE)