This guide explains how to enable HTTPS for ITMKit on a local area network (LAN) using a self-signed certificate.
When Do You Need This?
- Your IT policy requires all web traffic to be encrypted
- You want to use the in-browser QR scanner on mobile devices — browsers require HTTPS to access the camera
- You are handling sensitive data and want an additional layer of protection
For most standard internal use, HTTP is sufficient and simpler to maintain.
How It Works
You generate a self-signed SSL certificate on the server. Because it is self-signed (not issued by a public authority like Let’s Encrypt), each device that connects must install and trust the certificate once.
Step 1: Generate a Self-Signed Certificate
Open Command Prompt on the ITMKit server and run:
cd C:\ITMKit
venv\Scripts\python scripts\generate_cert.py
This creates two files in C:\ITMKit\data\ssl\:
- cert.pem — the certificate (distribute this to devices)
- key.pem — the private key (keep this on the server only)
The certificate is valid for 10 years and includes the server’s IP address and hostname.
Step 2: Restart ITMKit with SSL
If running as a Windows Service:
nssm stop ITMKit
nssm set ITMKit AppParameters "main:app --host 0.0.0.0 --port 8000 --ssl-certfile data/ssl/cert.pem --ssl-keyfile data/ssl/key.pem"
nssm start ITMKit
If running manually:
venv\Scripts\uvicorn main:app --host 0.0.0.0 --port 8000 --ssl-certfile data/ssl/cert.pem --ssl-keyfile data/ssl/key.pem
Step 3: Update the Server URL
- Go to Admin → Settings → System → Network Access.
- Change the Protocol to HTTPS — LAN (self-signed).
- Click Save.
Step 4: Install the Certificate on Each Device
Do this once per device. After installation, the browser will show no security warning.
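Because every device will trust whatever file it is handed, check the file before copying it out. The following is an added example, not part of ITMKit or its generate_cert.py script: it refuses any file that contains private key material and prints the fingerprint of the single certificate in it. The function name preflight and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Any PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def preflight(pem_text, algo="sha256"):
    """Return the fingerprint of the single certificate in pem_text.

    Raises ValueError if the text holds private key material or does not
    contain exactly one CERTIFICATE block.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("private key found; this file must stay on the server")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError("expected exactly 1 CERTIFICATE block, found %d" % len(certs))
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _pem(label, payload):
    """Wrap bytes in PEM framing (used only to build the sample input)."""
    body = base64.encodebytes(payload).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)


# Constructed sample input: placeholder bytes, not a real certificate or key.
SAMPLE_CERT = _pem("CERTIFICATE", b"constructed placeholder DER bytes")
SAMPLE_KEY = _pem("PRIVATE KEY", b"constructed placeholder key bytes")

if __name__ == "__main__":
    # For a real file: preflight(open(r"C:\ITMKit\data\ssl\cert.pem").read())
    print("SHA-256:", preflight(SAMPLE_CERT))
    print("SHA-1:  ", preflight(SAMPLE_CERT, "sha1"))
    try:
        preflight(SAMPLE_CERT + SAMPLE_KEY)  # e.g. a combined cert+key file
    except ValueError as exc:
        print("refused:", exc)
```

Compare the printed value with the fingerprint the device shows for the certificate during installation; the Windows certificate dialog lists a SHA-1 thumbprint, which is why the second call is included.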
Windows (Chrome / Edge)
- Copy cert.pem from the server to the device. Rename it to cert.crt.
- Double-click the file → Install Certificate.
- Choose Local Machine → Trusted Root Certification Authorities.
- Click Finish and restart the browser.
iPhone / iPad (Safari)
- Transfer cert.pem to the device via AirDrop or email.
- Open the file — iOS prompts to install a profile.
- Go to Settings → General → VPN & Device Management → tap the profile → Install.
- Go to Settings → General → About → Certificate Trust Settings → enable full trust for the certificate.
Android (Chrome)
- Transfer cert.pem to the device.
- Go to Settings → Security → Encryption & credentials → Install a certificate → CA Certificate.
- Select the file and confirm.
Verify
Navigate to https://[server-ip]:8000 from a configured device. The padlock icon should appear in the address bar with no warning.
Troubleshooting
Browser shows “Not Secure” or certificate warning
The certificate has not been installed on this device. Repeat Step 4.
ITMKit does not start after adding SSL flags
Check that the paths to cert.pem and key.pem are correct and both files exist in C:\ITMKit\data\ssl.
Works on some devices but not others
Each device requires the certificate to be installed separately.
Note: About the generate_cert.py Script
The generate_cert.py script is included in ITMKit v1.0 and later. It is located at scripts\generate_cert.py inside your ITMKit installation folder.
If the script is missing from your installation, you may have an older version. Download the latest version of ITMKit from itmkit.com and copy the scripts\generate_cert.py file into your existing installation. No database changes are required.
The script uses Python’s cryptography library, which is included in ITMKit’s requirements. It does not require OpenSSL or any external tools.
Next Steps
→ Network Access Setup
→ HTTPS Setup — Public Internet (Reverse Proxy)