For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Blog
DocsAPI Reference
DocsAPI Reference
    • AIStore
    • Documentation
  • Core Documentation
    • In-depth Overview
    • Terminology and core abstractions
    • Getting Started
    • Networking model
    • Buckets: design, operations, namespaces, and system buckets
    • Observability overview
    • CLI overview
    • Production deployment
    • Technical Blog
  • APIs, SDKs, and Compatibility
    • Go API
    • Python SDK
    • PyPI package
    • Python SDK reference guide
    • PyTorch integration
    • TensorFlow integration
    • HTTP API reference
    • curl examples
    • Easy URL
    • S3 compatibility
    • s3cmd quick start
    • Presigned S3 requests
    • Boto3 support
  • Command-Line Interface
    • CLI overview
    • ais help
    • CLI reference guide
    • Bucket operations
    • Cluster and remote-cluster management
    • Storage and mountpath management
    • Monitoring and ais show
    • Downloads
    • Jobs
    • Authentication and access control
    • Configuration via CLI
    • ETL CLI
    • Distributed shuffle CLI
    • ML / get-batch CLI
    • GCP credentials
    • TLS certificate management
  • Storage and Data Management
    • Storage services
    • Buckets: design, operations, namespaces, and system buckets
    • Native Bucket Inventory (NBI)
    • Backend providers
    • On-disk layout
    • Virtual directories
    • System files
    • Evicting remote buckets and cached data
  • Cluster Operations
    • Node lifecycle: maintenance, shutdown, decommission
    • Global rebalance
    • Resilver
    • AIS in Containerized Environments
    • Highly available control plane
    • Information Center (IC)
    • Out-of-band updates
    • Troubleshooting
  • Configuration and Security
    • Configuration
    • Environment variables
    • Feature flags
    • AuthN and access control
    • Authentication validation
    • HTTPS and certificates
    • Switching a cluster to HTTPS
  • ETL and Advanced Workflows
    • ETL overview
    • ETL CLI docs
    • ETL Python SDK examples
    • Custom transformers
    • ETL Python webserver SDK
    • ETL Go webserver package
    • Archives: read, write, and list
    • Distributed shuffle (dsort)
    • Initial sharding utility (ishard)
    • Downloader
    • Blob Downloader
    • Batch object retrieval (get-batch)
    • Batch operations
    • Tools and utilities
    • Extended actions (xactions)
  • Observability, Monitoring, and Performance
    • Observability overview
    • Monitoring with CLI
    • Logs
    • Prometheus integration
    • Metrics reference
    • Grafana dashboards
    • Kubernetes monitoring
    • Distributed tracing
    • Monitoring get-batch
    • AIS load generator (aisloader)
    • Benchmarking AIStore
    • Performance tuning and testing
    • Performance monitoring via CLI
    • Rate limiting
    • Checksumming
    • Filesystem Health Checker (FSHC)
    • Traffic patterns
  • Networking
    • Networking: multi-homing, network separation, IPv6
    • HTTPS configuration
    • Switching to HTTPS
    • Idle connections
    • MessagePack protocol
  • Deployment
    • AIStore on Kubernetes
    • Kubernetes Operator
    • Ansible playbooks
    • Helm charts
    • Deployment monitoring
    • Docker
  • Developer Resources
    • Development guide
    • aisnode command line
    • Build tags
  • Object and Bucket Naming
    • Unicode and special symbols in object and bucket names
    • Extremely long object names
Blog
NVIDIANVIDIA
Developer-friendly docs for your API
Privacy Policy | Your Privacy Choices | Terms of Service | Accessibility | Corporate Policies | Product Security | Contact

Copyright © 2026, NVIDIA Corporation.

LogoLogoAIStore
On this page
  • From HTTP to HTTPS
  • From HTTPS back to HTTP
Configuration and Security

Switching a cluster to HTTPS

||View as Markdown|
Previous

HTTPS and certificates

Next

ETL overview

Here’s a quick sequence with detailed comments inline.

But first:

Operational note: As with any cluster-wide configuration change that rebuilds cluster metadata (e.g., cluster map a.k.a. Smap), it is good practice to periodically back up cluster-level metadata (BMD, Smap, configuration). This is not specific to HTTP <=> HTTPS.

From HTTP to HTTPS

This assumes that X.509 certificate already exists and the (HTTP-based) cluster is up and running. All we need to do at this point is switch it to HTTPS.

1# step 1: reconfigure cluster to use HTTPS
2$ ais config cluster net.http.use_https true
3
4# step 2: add information related to certs
5$ ais config cluster net.http.skip_verify true
6$ ais config cluster net.http.server_key <path-to-cert>/cert.key
7$ ais config cluster net.http.server_crt <path-to-cert>/cert.crt
8
9# step 3: shutdown
10$ ais cluster shutdown
11
12# step 4: remove cluster map - all copies at all possible locations, for example:
13$ find ~/.ais* -type f -name ".ais.smap" | xargs rm
14
15# step 5: restart
16$ make kill cli deploy <<< $'6\n6\n4\ny\ny\nn\n'
17
18# step 6: optionally, run aisloader
19$ AIS_ENDPOINT=https://localhost:8080 aisloader -bucket=ais://nnn -cleanup=false -numworkers=8 -pctput=0 -randomproxy
20
21# step 7: optionally, reconfigure CLI to skip X.509 verification:
22$ ais config cli set cluster.skip_verify_crt true
23
24# step 8: run CLI
25$ AIS_ENDPOINT=https://127.0.0.1:8080 ais show cluster
26
27$ AIS_ENDPOINT=https://127.0.0.1:8080 ais archive gen-shards "ais://abc/shard-{001..999}.tar.lz4"
28Shards created: 999/999 [==============================================================] 100 %
29
30$ export AIS_ENDPOINT=https://localhost:8080
31
32$ ais ls ais://abc --summary
33NAME           PRESENT         OBJECTS         SIZE (apparent, objects, remote)        USAGE(%)
34ais://abc      yes             999 0           5.86MiB 5.20MiB 0B                      0%
35...
36...

NOTE: localhost:8080 (above) can be replaced with any legitimate (http or https) address of any AIS gateway. The latter may - but not necessarily have to - be specified with the environment variable AIS ENDPOINT.

From HTTPS back to HTTP

1# step 1: disable HTTPS
2$ AIS_ENDPOINT=https://127.0.0.1:8080 ais config cluster net.http.use_https false
3
4# step 2: shutdown (notice that we are still using HTTPS endpoint)
5$ AIS_ENDPOINT=https://127.0.0.1:8080 ais cluster shutdown -y
6
7# step 3: remove cluster maps
8$ find ~/.ais* -type f -name ".ais.smap" | xargs rm
9
10# step 4: restart
11$ make kill cli deploy <<< $'6\n6\n4\ny\ny\nn\n'
12
13# step 5: and use
14$ ais show cluster