Setup SSL

SSL provides end-to-end encryption for all Yak Engine traffic between the browser and nodes, ensuring secure communication. Enabling SSL requires a PEM-format certificate containing both the private and public keys. If SSL is enabled but no certificate files are found, the Yak will automatically generate one for you. However, because this certificate is self-signed and not issued by a trusted Certificate Authority, your browser will display a security warning indicating that it cannot be trusted.

1️⃣ Place certificate in same folder as yak.exe

Place your PEM certificates into the same folder as yak.exe and rename them:

yak-cert.pem -> The public key yak-key.pem -> The private key

1️⃣ Start with flag --enable_ssl

Tell the yak to use SSL by providing --enable_ssl in the command line

Why is my browser telling me the certificate cannot be trusted?

If your browser warns that the certificate cannot be trusted, it’s because the certificate was not issued by a recognized Certificate Authority. Typically, you’ll need to purchase a certificate from a trusted provider and verify ownership of your domain.

For a free alternative, you can use Let’s Encrypt, which offers domain-validated SSL certificates at no cost. However, you’ll need to set up your own renewal and verification process — this often involves automating domain validation through your DNS provider’s API.