################
TLS Certificates
################

**WARNING: You should generate and use a TLS certificate signed by a trusted Certificate Authority**

Versions later than ``0.6.8.BETA`` will automatically generate a new **UNTRUSTED** and **self-signed** certificate when the server is started if a TLS certificate and TLS key are not provided.

To facilitate ease of use, a TLS X.509 private and public certificate is distributed with Merlin for versions less than ``0.6.8.BETA``. This allowed a user to start using Merlin right away. However, this key is widely distributed and is considered public knowledge. You should generate your own certificates and replace the default certificates that ship with Merlin. The default location for the certificates is the ``data/x509`` directory. The ``openssl`` command can be used from a Linux system to generate a key pair.

The following message is presented to alert the user that the distributed testing public key is in use:

``Merlin» [!] Insecure publicly distributed Merlin x.509 testing certificate in use for https server on 127.0.0.1:443``