# OpenIPC Wiki [Table of Content](../README.md) How to install HTTPS certificates on your camera ------------------------------------------------ Make sure your camera is accessible from the Internet on both port 80 (HTTP) and port 443 (HTTPS). You might need to set up port forwarding on your router for that. ### Create an ACME account: __on camera:__ ```bash uacme -y -v new ``` ### Give your camera a FQDN Secure HTTP (Hypertext Transfer Protocol Secure, HTTPS) cannot be issued to a bare IP address, you need a Fully Qualified Domain Name (FQDN) for your camera. That is how your camera will be accessed over HTTPS. Create an account with any Domain Name Register and register a domain name, e.g. _mysuperduperdomain.com_. Set up a DNS zone for that domain name and create a record for your camera in that domain zone. ```console DNS Records mysuperduperdomain.com --------------------------------------- Type Host IP Address TTL A ipc-001 75.123.45.555 600 ``` where `75.123.45.555` is your public IP address. ### Set up port forwarding if your camera is behind NAT. Add port forwarding from port 80 of WAN interface to port 80 of your camera's local IP address. ```console 75.123.45.555:80 => 192.168.1.10:80 ``` If you have several devices on your network serving public HTTP requests then add your camera domain name to HTTP proxy. ### Issue a certificate for your domain: __on camera__: ```bash uacme -y -v -h /usr/share/uacme/uacme.sh -t EC issue ipc-001.mysuperduperdomain.com ``` ### Set up a local DNS record override You can add an override record to `/etc/hosts` file on your machine ```bash echo "192.168.1.10 ipc-001.mysuperduperdomain.com" >> /etc/hosts ``` or you could create a record on your local DNS server like [pi.hole](https://pi-hole.net/) so that anyone using that DNS server could have secure access to the camera, too. ### Restart majestic and test access Open your favorite web browser and go to