# SSL/TLS

YuDash IoT gateways support SSL/TLS secure communication for the MQTT and HTTP protocols.

The typical steps to enable the SSL/TLS security layer are:

1. Enable TLS/SSL within the cloud protocol settings.
2. Change the server port for TLS/SSL communication.
3. Upload the server CA certificate to the IoT device.

{% hint style="info" %}
This documentation explains TLS for a CA-signed server, which requires a single pem file. For self-signed TLS (involving pem, crt and key files), refer to this [documentation](https://docs.yudash.com/device-to-cloud-api/cloud-protocols/ssl-tls/selfsigned).
{% endhint %}

### **SSL/TLS for MQTT**

1\) Select the "SSL/TLS" radio button in **MQTT Secure Layer**. Change the **MQTT port** to the server's secure-layer port. This is typically 8883 for MQTT.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2F1I9cfAGzT8i0ZDG099dy%2Fmqtt_30.jpg?alt=media&#x26;token=1366f074-bb51-401a-b4f8-e0873a9459b1" alt=""><figcaption></figcaption></figure>

2\) Upload the server CA certificate to the IoT device. First, click **Choose File** and select the .pem file from the local computer. Then, click **Load SSL/TLS File**, which loads the file in the browser. Finally, click **Write SSL/TLS file**, which writes the file into the IoT device.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2F2GhsCAkXenL5vugyegLI%2Fmqtt_31.jpg?alt=media&#x26;token=13f0bd39-59bb-43d4-bf2b-3ac5e61559c5" alt=""><figcaption></figcaption></figure>

3\) The following message is shown when the CA certificate file is written successfully.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2Feqsmc8ntVp7p20tua9eJ%2Fmqtt_32.jpg?alt=media&#x26;token=744c6e6b-7133-4932-9554-506fed2c7e57" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
By default, the CA certificate for the MQTT protocol is stored under the file name /assets/mqtt\_cacert.pem within the YuDash IoT device.
{% endhint %}

### **SSL/TLS for HTTP**

1\) Select the "SSL/TLS" radio button in **HTTP Secure Layer**. Change the **HTTP port** to the server's secure-layer port. This is typically 443 for HTTP.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2F7qs5c6MtlC19J2oU3pBx%2Fhttp_33.jpg?alt=media&#x26;token=129e19d4-057a-4704-b164-8295f0a9d075" alt=""><figcaption></figcaption></figure>

2\) Upload the server CA certificate to the IoT device. First, click **Choose File** and select the .pem file from the local computer. Then, click **Load SSL/TLS File**, which loads the file in the browser. Finally, click **Write SSL/TLS file**, which writes the file into the IoT device.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2Fo3TQAbInDYDsmlHCQYnF%2Fhttp_34.jpg?alt=media&#x26;token=d85d53b9-b8dd-4251-a7ff-49c8f2979dc1" alt=""><figcaption></figcaption></figure>

3\) The following message is shown when the CA certificate is written successfully.

<figure><img src="https://1858257737-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FToww5EM1cml3ouN6fvnJ%2Fuploads%2FiJKDtEj7GcxHGC7U0gYh%2Fhttp_35.jpg?alt=media&#x26;token=d48bbc35-bf86-4134-8380-d9114db41245" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
By default, the CA certificate for the HTTP protocol is stored under the file name /assets/http\_cacert.pem within the YuDash IoT device.
{% endhint %}
