Two-way SSL provides a way to encrypt communication between Ambari Server and Ambari Agents. By default Ambari ships with Two-way SSL disabled. To enable Two-way SSL:
| ![[Important]](../common/images/admon/important.png) | Important | 
|---|---|
| Ambari Server should not be running when you do this: either make the edits before you start Ambari Server the first time or bring the server down to make the edits. | 
- On the Ambari Server host, open - /etc/ambari-server/conf/ambari.propertieswith a text editor.
- Add the following property: - security.server.two_way_ssl = true 
- Start or restart the Ambari Server. - ambari-server restart 
The Agent certificates are downloaded automatically during Agent Registration.


