Skip to main content

SSL/TLS, HTTPS, self-signed certificates

If you want to run Ory Hydra using self-signed TLS certificates, you can do the following:

openssl genrsa -out key.pem 4096
openssl req -new -x509 -sha256 -key key.pem -out cert.crt -days 365

SERVE_TLS_CERT_BASE64=$(base64 -i cert.crt)
SERVE_TLS_KEY_BASE64=$(base64 -i key.pem)

# or


If you run Docker locally, you can then use

docker run ... \

or mount the files using --mount and linking to the files.

TLS is not enabled and set to false by default. Please check under tls in the configuration to enable and configure TLS for self-hosted Ory Hydra.