# Configuring SSL Certificates for Kubernetes

By default the Frends Agent generates self signed certificates for API and HTTP endpoints.

It is also possible to secure API and HTTP endpoints with your own SSL certificates. To do this, you need to add a **Default external address for new agents** and modify the Agent configuration before deployment.

## Add a Default external address for new agents

Under the target Agent Group enter the external address into the Default External Address e.g. <https://myagentfqdn.frendsapp.com> and save changes.

The option will be visible when **Allow new agents to connect to agent group** option is enabled for the Agent Group.

<figure><img src="https://downloads.intercomcdn.com/i/o/cbxrrbbm/1585477487/0dcf47d31c05f524583ac5d46e06/image.png?expires=1759914000&#x26;signature=fb8682a3b3db734c45359ea88b67af0a6139094c2fd4623e1c4b15a9b37513cf&#x26;req=dSUvE815moVXXvMW1HO4zT7PgXOUNopM4NZbzBg89ugIqYTW0UvKlmai%2FuRn%0AIB5u0ETE9rA7bbTPyyQ%3D%0A" alt=""><figcaption><p>External address for Kubernetes deployments.</p></figcaption></figure>

The next time you deploy an Agent to this Agent Group this will be used as the External address.

## Set Kubernetes configuration options

Download and extract the Agent Kubernetes Configuration from the Frends Control Panel to include the new external address in it. We need to make couple of changes to the default config to enable the certificates.

### Secrets changes

To add your own certificate to the configuration, edit **/app/secrets/appsettings.secrets.json** and add your certificates thumbprint to **certificateThumbprintOrPath** field.

Next, copy your **PFX certificate file** into the **/app/secrets** directory.

### Deploy file changes

Now edit **FRENDS-Agent-Deploy.yaml** file, and add the following within the **containers** section, after the **images** clause and on the same indendation level:

```
command: ["/bin/bash","-c"]
args: ["dotnet --roll-forward Major /app/CertTool/GSoft.CertificateTool.dll add -f /app/secrets/<PFX FileName> --password <PFX Password> --store-name My && dotnet Frends.Agent.dll"]
```

Replace the following values with your certificate details:

* PFX FileName
* PFX Password
* certificateThumbprintOrPath

The file's containers section should now look like the following:

<figure><img src="/files/Xhc7zU9qe4xcc0UCKWrb" alt=""><figcaption><p>Example FRENDS-Agent-Deploy.yaml file contents for Containers.</p></figcaption></figure>

These two new lines override the default Agent start-up and run a tool to import the PFX certificate before starting the Agent.

Finally, add the certificate filename to the **frends-agent-secrets** under **volumes** section. Under the **items** list, add a new **key** and **path** like this:

```
- key: <PFX FileName> 
  path: <PFX FileName>
```

Replace \<PFX FileName> with the filename of your PFX file.

It should now look something like this:

<figure><img src="https://downloads.intercomcdn.com/i/o/209882559/9d81733c6f8b1b6727631657/image.png?expires=1759914000&#x26;signature=8585a8e9bba28baa8e063175173ce52c7de1a1cd790f42f3bd989403291959f5&#x26;req=diAuHsF8mIRWFb4f3HP0gPf2Bo1yjsRmpvJJbrBzOD2HVT9vly0%2FqP1OGJ9c%0A5yC4ew3MyeEd4FkCcA%3D%3D%0A" alt=""><figcaption><p>Example of FRENDS-Agent-Deploy.yaml file at volumes section.</p></figcaption></figure>

With these changes made to the secrets and deploy file, your Kubernetes configuration is ready to use your own SSL certificate.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.frends.com/guides/setup-and-installation/configuring-ssl-certificates-for-kubernetes.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.