> For the complete documentation index, see [llms.txt](https://docs.n8n.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.n8n.io/deploy/host-n8n/configure-n8n/basic-configuration/configuration-examples/configure-custom-ssl-certificate-authorities.md).
# Configure custom SSL certificate authorities
You can add your own certificate authority (CA) or self-signed certificate to n8n. This means you are able to trust a certain SSL certificate instead of trusting all invalid certificates, which is a potential security risk.
{% hint style="info" %}
**Added in version 1.42.0**
This feature is available in version 1.42.0 and above.
{% endhint %}
To use this feature you need to place your certificates in a folder and mount the folder to `/opt/custom-certificates` in the container. The external path that you map to `/opt/custom-certificates` must be writable by the container.
## Docker
The examples below assume you have a folder called `pki` that contains your certificates in either the directory you run the command from or next to your docker compose file.
### Docker CLI
When using the CLI you can use the `-v` flag from the command line:
```bash
docker run -it --rm \
--name n8n \
-p 5678:5678 \
-v ./pki:/opt/custom-certificates \
docker.n8n.io/n8nio/n8n
```
### Docker Compose
```yaml
name: n8n
services:
n8n:
volumes:
- ./pki:/opt/custom-certificates
container_name: n8n
ports:
- 5678:5678
image: docker.n8n.io/n8nio/n8n
```
You should also give the right permissions to the imported certs. You can do this once the container is running (assuming n8n as the container name):
```bash
docker exec --user 0 n8n chown -R 1000:1000 /opt/custom-certificates
```
## Certificate requirements for Custom Trust Store
Supported certificate types:
* Root CA Certificates: these are certificates from Certificate Authorities that sign other certificates. Trust these to accept all certificates signed by that CA.
* Self-Signed Certificates: certificates that servers create and sign themselves. Trust these to accept connections to that specific server only.
You must use PEM format:
* Text-based format with BEGIN/END markers
* Supported file extensions: `.pem`, `.crt`, `.cer`
* Contains the public certificate (no private key needed)
For example:
```
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKoK/heBjcOuMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
[base64 encoded data]
-----END CERTIFICATE-----
```
The system doesn't accept:
* DER/binary format files
* PKCS#7 (.p7b) files
* PKCS#12 (.pfx, .p12) files
* Private key files
* Convert these formats to PEM before use.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.n8n.io/deploy/host-n8n/configure-n8n/basic-configuration/configuration-examples/configure-custom-ssl-certificate-authorities.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.