***

title: SslConfig
slug: /reference/typescript/agents/configuration/ssl-config
description: SSL/TLS configuration for HTTPS serving with HSTS support.
max-toc-depth: 3
---------------------

For a complete index of all SignalWire documentation pages, fetch https://signalwire.com/docs/llms.txt

[isconfigured]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/is-configured

[getcert]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-cert

[getkey]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-key

[gethstsheader]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-hsts-header

[getserveroptions]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-server-options

[hstsmiddleware]: /docs/server-sdks/reference/typescript/agents/configuration/ssl-config/hsts-middleware

[env-vars]: /docs/server-sdks/reference/typescript/agents/configuration/environment-variables

`SslConfig` manages SSL/TLS configuration for serving agents over HTTPS. It reads
from explicit options or falls back to environment variables (`SWML_SSL_ENABLED`,
`SWML_SSL_CERT_PATH`, `SWML_SSL_KEY_PATH`, `SWML_SSL_DOMAIN`). See
[Environment Variables][env-vars] for the full list.

```typescript {3}
import { SslConfig } from '@signalwire/sdk';

const ssl = new SslConfig({ certPath: './cert.pem', keyPath: './key.pem' });
```

## **Properties**

<ParamField path="enabled" type="boolean" toc={true}>
  Whether SSL is enabled. Falls back to `SWML_SSL_ENABLED` env var.
</ParamField>

<ParamField path="certPath" type="string | null" toc={true}>
  Filesystem path to the PEM-encoded certificate. Falls back to `SWML_SSL_CERT_PATH`.
</ParamField>

<ParamField path="keyPath" type="string | null" toc={true}>
  Filesystem path to the PEM-encoded private key. Falls back to `SWML_SSL_KEY_PATH`.
</ParamField>

<ParamField path="domain" type="string | null" toc={true}>
  Domain name for HSTS headers. Falls back to `SWML_SSL_DOMAIN`.
</ParamField>

<ParamField path="hsts" type="boolean" default="true" toc={true}>
  Whether to emit Strict-Transport-Security headers.
</ParamField>

<ParamField path="hstsMaxAge" type="number" default="31536000" toc={true}>
  HSTS max-age value in seconds (default 1 year).
</ParamField>

## **Methods**

<CardGroup cols={3}>
  <Card title="isConfigured" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/is-configured">
    Check if SSL is fully configured with cert and key files.
  </Card>

  <Card title="getCert" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-cert">
    Read the PEM certificate from disk.
  </Card>

  <Card title="getKey" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-key">
    Read the PEM private key from disk.
  </Card>

  <Card title="getHstsHeader" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-hsts-header">
    Build the HSTS header value.
  </Card>

  <Card title="getServerOptions" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/get-server-options">
    Create options for Node.js https.createServer().
  </Card>

  <Card title="hstsMiddleware" href="/docs/server-sdks/reference/typescript/agents/configuration/ssl-config/hsts-middleware">
    Hono middleware that appends HSTS headers.
  </Card>
</CardGroup>

## **Example**

```typescript {3,6-7}
import { SslConfig } from '@signalwire/sdk';

const ssl = new SslConfig();

if (ssl.isConfigured()) {
  const opts = ssl.getServerOptions();
  console.log('SSL ready with cert and key');
} else {
  console.log('SSL not configured — set SWML_SSL_ENABLED=true');
}
```