epam · sr-remsha · Nov 6, 2025 · alexey-ban · Nov 6, 2025
@@ -22,12 +22,48 @@ This instruction assumes that you are installing and configuring applications us
 
 ## General method of configuration
 
-AI DIAL helm chart contains various applications, and, to configure them, it is necessary to make corresponding changes to different sections of the **values** file.
+DIAL helm chart contains various applications, and, to configure them, it is necessary to make corresponding changes to different sections of the **values** file.
 
-To add environment variables to AI DIAL application, you can use either `env` or `secrets` section in specific components, e.g `core.env`, `openai.secrets`
+To add environment variables to a DIAL application, you can use either `env` or `secrets` section in specific components, e.g `core.env`, `openai.secrets`
 
 > Refer to the [helm chart repository](https://github.com/epam/ai-dial-helm/tree/main/charts/dial/examples) to view selected configuration examples.
 
+### Enabling Support for Private Certificate Authority or Self-Signed Certificate
+
+Java-based and NodeJS-based DIAL components require different configurations to support private CA or self-signed certificates.
+
+#### NodeJS-based components 
+
+For DIAL frontend components such as [DIAL Chat](https://github.com/epam/ai-dial-chat/blob/development/apps/chat/README.md) or [DIAL Admin frontend](https://github.com/epam/ai-dial-admin-frontend), set the `NODE_TLS_REJECT_UNAUTHORIZED` environment variable to allow connections to servers with self-signed or private CA certificates:
+
+```bash
+NODE_TLS_REJECT_UNAUTHORIZED: 0
+```
+> **Warning**: Setting `NODE_TLS_REJECT_UNAUTHORIZED=0` disables certificate validation for all outgoing HTTPS requests. Use this setting only in trusted environments, such as development or testing, as it introduces security risks in production.
+
+#### Java-based components
+
+This configuration applies to Java-based components such as [DIAL Core](https://github.com/epam/ai-dial-core), [DIAL Admin backend](https://github.com/epam/ai-dial-admin-backend), or any component using the `eclipse-temurin` Docker image as a base. This image includes a script to enable the use of self-signed or private CA certificates.
+
+To enable support for self-signed or private CA certificates:
+
+* Set the `USE_SYSTEM_CA_CERTS` environment variable to `true`.
+* Mount your private certificate(s) into the `/certificates` directory inside the container.
+
+Example Docker Compose configuration for DIAL Admin backend:
+
+```bash
+admin-backend:
+  image: ghcr.io/epam/ai-dial-admin-backend:latest
+  environment:
+    [redacted]
+    USE_SYSTEM_CA_CERTS: true
+  volumes:
+    /opt/ssl/YOUR_NON_PUBLIC_CERTIFICATE.crt:/certificates/YOUR_NON_PUBLIC_CERTIFICATE.crt
+```
+
+> **Note**: Replace `YOUR_NON_PUBLIC_CERTIFICATE.crt` with the actual filename of your certificate. Ensure that the certificate file(s) you mount are in PEM (Privacy Enhanced Mail) format (`.crt`). Multiple certificates can be mounted if needed.
+
 ## Core Parameters
 
 > Refer to the [AI DIAL Core](https://github.com/epam/ai-dial-core) to view a complete documentation.