---
title: Enabling TLS support after setup
description: If the server has been set up without support for TLS, you can enable it after the fact by obtaining a certificate chain, configuring key and trust manager providers, and configuring connection handlers.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_security_guide:pd_sec_enable_tls_after_setup
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_enable_tls_after_setup.html
revdate: September 13, 2023
---

# Enabling TLS support after setup

If the server has been set up without support for TLS, you can enable it after the fact by obtaining a certificate chain, configuring key and trust manager providers, and configuring connection handlers.

The process for obtaining a certificate has already been discussed in depth. Use `manage-certificates` (or some other tool) to prepare a Java KeyStore (JKS) or PKCS #12 key store with an appropriate certificate chain and private key. You should also create a trust store for use by the server.