• Get an SSL certificate with Private Key Create self-signed Certificate
  • Convert PEM to PKCS#12
  • Load the certificate in Personal store of the Local System (
  • Copy the Hash/thumbprint of the certificate ( Thumbprint will contain spaces. Copy thumbprint to clipboard as is.

Enabling SSL

  1. Go to Settings -> General
  2. Show advanced options
  3. Enable SSL, set the SSL port and certificate hash (Sonarr will remove all spaces from the hash as they are not required).
  4. Stop Sonarr servers or kill NzbDrone.exe or NzbDrone.Console.exe process.
  5. Ensure that server is started in Run as Administrator mode which allows it regiser SSL URL and certificate with Windows.
  6. Verify SSL connectivity
  7. If Sonarr server is still not listening on SSL port, then follow the workaround mentioned in this thread.

Linux / OS X


  • Windows PC. The conversion tool only works there. OpenSSL 1.0.0 and up should be able to do it, but it needs to be done without a pass phrase, currently (version 1.0.1l) this is not possible.
  • SSL certificate and corresponding private key (create self-signed certificate).

Converting .key to .pvk

  1. Download the PVK Conversion Tool (near the bottom) and extract it.

  2. Run pvk.exe via Command Prompt:

    pvk.exe -in yourdomain.key -topvk -nocrypt -out yourdomain.pvk

  3. Load the certificate with httpcfg (comes with mono):

    httpcfg -add -port <SSL_PORT> -pvk yourdomain.pvk -cert yourdomain.crt

    Replace <SSL_PORT> with the SSL port you set in Sonarr.

Enabling SSL

  1. Enable SSL on Settings -> General (enable advanced settings first).
  2. Restart Sonarr.
  3. Verify!