Airflow has two [configurations](https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#web-server-ssl-cert) to be added in `airflow.cfg` to enable SSL:
-`AIRFLOW__WEBSERVER__WEB_SERVER_SSL_CERT`
-`AIRFLOW__WEBSERVER__WEB_SERVER_SSL_KEY`
Those are files that will need to be local to the Airflow deployment.
## Generate Certs
We can generate these files following this [SO](https://stackoverflow.com/questions/47883769/how-to-enable-ssl-on-apache-airflow) thread:
```bash
openssl req \
-newkey rsa:2048 -nodes -keyout airflow.key \
-x509 -days 365 -out airflow.crt
```
and we can provide the following answers to try this locally:
```
Country Name (2 letter code) []:US
State or Province Name (full name) []:CA
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) []:OpenMetadata
Organizational Unit Name (eg, section) []:OpenMetadata
Common Name (eg, fully qualified host name) []:localhost
Email Address []:local@openmetadata.org
```
{% note %}
It is important that the `Common Name` is the host name that will be hosting Airflow.
{% /note %}
This command will generate the pair `airflow.key` and `airflow.crt`.
## Include Certificates
Once the files are generated we need to add them to the Airflow deployment. For example, if using the `openmetadata-ingestion`
image, you can update it to add the following lines: