diff --git a/addons/docker_scripts/down_and_up.sh b/addons/docker_scripts/down_and_up.sh old mode 100644 new mode 100755 diff --git a/addons/documentation/how_to.md b/addons/documentation/how_to.md index 1ce8fdd..0195f82 100644 --- a/addons/documentation/how_to.md +++ b/addons/documentation/how_to.md @@ -9,6 +9,7 @@ Tips for the common operations you may need to do with the docker environment. - [PHP](#php) - [Change PHP settings](#change-php-settings) - [Change XDebug settings](#change-xdebug-settings) + - [Change MariaDB client settings](#change-mariadb-client-settings) - [Add a new php version](#add-a-new-php-version) - [Web Server](#web-server) - [Change the webserver](#change-the-webserver) @@ -27,6 +28,9 @@ Tips for the common operations you may need to do with the docker environment. - [MySQL](#mysql) - [Connect from host](#connect-from-host-1) - [Edit configuration](#edit-configuration-2) + - [Activate secured connection](#activate-secured-connection) + - [TLS/SSL](#tlsssl) + - [Certificate validation](#certificate-validation) - [Adminer](#adminer) - [See database data](#see-database-data) - [MailPit](#mailpit) @@ -86,6 +90,10 @@ You may also want to have a specific init file for a php version, you have to ov > [!NOTE] > Browse [XDebug settings](https://xdebug.org/docs/all_settings) for more information. +### Change MariaDB client settings +Modify the `client.cnf` file in the php conf directory then restart the container.\ +Note that this file is used by both MariaDB and MySQL clients.\ + ### Add a new php version * Duplicate a php section in `docker-compose.yml` then run `docker compose up -d`.\ * Bind a port in the web server then edit the server configuration to add a new virtual host.\ 
@@ -183,22 +191,36 @@ Just set a new value to the `DATA_FOLDER` variable. > [!NOTE] > A folder is mount from the host (data/dbdump) in data folder to the database container (/tmp/dbdump). -#### Import -Connect to the database container with `docker exec -it bash` then use the command line to import your dump. +#### Import from database container +You can put the dump file from the docker host in the `data/dbdump` folder then connect to the database container with `docker exec -it bash` and use the command line to import your dump. ```bash mariadb --user --password < /tmp/dbdump/dump_file.sql ``` -#### Export -Connect to the database container with `docker exec -it bash` then use the command line to import your dump. +#### Import from docker host +You can directly import the dump file from the host with the following command: + +```bash +docker exec -i -u -p < data/dbdump/dump_file.sql +``` + +#### Export from database container +Connect to the database container with `docker exec -it bash` then use the command line to export your dump then you can find the dump file from the docker host in the `data/dbdump` folder. ```bash mariadb-dump --user --password > /tmp/dbdump/dump_file.sql ``` -> > [!IMPORTANT] -> mysql-dump is lot longer available in the mariadb container, you have to use `mariadb-dump` instead. +#### Export from docker host +You can directly export the dump file from the host with the following command: + +```bash +docker exec -i -u -p > data/dbdump/dump_file.sql +``` + +> [!IMPORTANT] +> mysqldump is lot longer available in the mariadb container, you have to use `mariadb-dump` instead. ### MariaDB 
@@ -216,6 +238,51 @@ According to the port defined in the `docker-compose.yml`, you can connect to th #### Edit configuration Modify the `my.cnf` file in the MySQL conf directory then restart the container. +### Activate secured connection +If you want to activate secured connection to your database. + +> [!NOTE] +> Adminer is already configured to connect to the database with SSL, so no need to change its configuration. + +#### TLS/SSL +Activate the flag `require_secure_transport = ON` in the corresponding `my.cnf` file from the database conf directory then restart the container.\ +You also need to set `db_tls.enabled' => true` in iTop configurations. + +> [!CAUTION] +> When you make backup from iTop with SSL on a MySQL server, you will get an error "--ssl-mode is not recognized" because iTop use a mySQL parameter on a MariaDB client.\ +In that case, you will need to perform the dump as describes in the [Import/Export database dump](#importexport-database-dump) section. + +#### Certificate validation +Validate secured connection with a certificate to be sure that you are connecting to the right. + +On MariaDB, to force the validation of a certificate, set the flag `ssl_verify_client_cert = ON` in the corresponding `my.cnf` file from the database conf directory then restart the container.\ +However, this seems to not be fully compatible with the MariaDB docker image. + +For MySQL or if you want to have a workaround for MariaDB, +you can force certificate validation for a specific user by creating it with the `REQUIRE X509` option in your database.\ + +```sql +CREATE USER 'secure_user'@'%' IDENTIFIED BY 'password' REQUIRE X509; +GRANT ALL PRIVILEGES ON *.* TO 'secure_user'@'%' WITH GRANT OPTION; +FLUSH PRIVILEGES; +``` + +### Change user password + +```sql +ALTER USER 'root'@'%' IDENTIFIED BY 'password'; +FLUSH PRIVILEGES; +``` + + +To use certificate in iTop, set the `'db_tls.ca' => '/etc/database/certs/ca.pem',` in iTop global configuration. 
+ +> [!NOTE] +> The certificate provided in the `conf/certs/database` folder is targeted for mysql container, so you may have `Peer certificate CN=mysql' did not match expected CN=`mariadb'` error in iTop with mariadb. + +> [!WARNING] +> Certificate validation is not fully implemented in iTop. + ## Adminer ### See database data diff --git a/build/default_configuration/adminer/plugins-enabled/enable-ssl.php b/build/default_configuration/adminer/plugins-enabled/enable-ssl.php new file mode 100644 index 0000000..176d2fc --- /dev/null +++ b/build/default_configuration/adminer/plugins-enabled/enable-ssl.php @@ -0,0 +1,31 @@ + filename, "cert" => filename, "ca" => filename) + */ +return new AdminerLoginSsl( + $ssl = [ + 'key' => $key, + 'cert' => $cert, + 'ca' => $ca, + 'verify' => false, + ] +); \ No newline at end of file diff --git a/build/default_configuration/certs/database/ca-key.pem b/build/default_configuration/certs/database/ca-key.pem new file mode 100644 index 0000000..64d7be0 --- /dev/null +++ b/build/default_configuration/certs/database/ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpHm2Aeb4Rn8ke +X4JSL+inGCVdLoDc9Ssy/qK7xTYqV5iscR1R07ZCHk/+r9icXY2I3HqxW64wAlCH +/hHGMmF/dbN8CrNsB0GGU7mne2G+dHpYUKcjbP7jv8+RcCczRG3xz2t5WWaM0KmF +DuJdBWVt/NMWAFD9ghMt0PThNOkHCYyg6z+cbkXypKJuQzi6Evpm3otH1k45PnAr +fQgvHrYJVf1JqzOydzPwy5h8JSLIrf/EYgcddHVeRzI6SO+OJNvI76h1QO7pbgcn +c1rqFJTcsPlrj59JZsmq6twbbtd1JYnRy6BpunSxUS0yMiBeHRSJK//Q23Cc37K0 +P2BT1rcPAgMBAAECggEACLbhq5oaWiwin+cJ/xQq59lNq5SG3VvgwvruBcDuvpXO +7yvQ9/Nx08xeEOCcx8nmTiQWSmdP/XdREQDdh5n2/itheUXP4wQoszRDP8cSzU6R +M1XMlv250KCEoJjn3DNteuVWQ2WA7EagRZPzxBlQFa/ObLbNdZKrTFQVGjmwvEUD +KMrGicCoSZ4TP9tt+cnB3e2K7qOlH2C+6lCkaC/Z6Ee/T+F2prmD4xVX459H9/dU +/4g/20BFOKQYR7Yijf4VyZew+5B2Xj69VEbJKk/2VM/dM4vNnJNZTaccuqIo9Wl2 +zAo1Qe5JWGFvn0d6ydWtMbIjjE6BL61x39twhAkPkQKBgQDkyHbal9dtw3+8Z4zI +1RWhoAsKXtsAwzstU7WInYLLsrq31PQ/5BhmYBxzR4YkiTcUFzZNliWKpMC9phXA +t5G8xgwc3+a6H6vV5pMy6TKm3h0Mn0mw9vL9cDgEtE0+Rkz0Tx/J45Ij5jC4/xF8 +k8sc2kOeHUXhaBIMPllEwDeOmQKBgQC9POdeYffzOfT/p3KaQQobxqS9xO36hsar +TNvV7QM7q08dwuN8jC2iO+ogDaS1rpMfnU7yCuZEfKDXmPG9zOYSEp7SEIFAfAxd +JPhOIHv/EXBe2zTwMEQzQDN08u15YGRHxSdOD6FIVAz4p/AxrVOiEaivchVBt7/2 +kMlZP1tD5wKBgQDj9KoYXDsW7ziTbUnlwgtvo5vclW75b43DOCklGmx8snVBPjqw +foGhYBp48sdCGEZ9CjPdUsHNRyOU06vQ/heEVIE1NBMdWPlKhBgfHiSOB7pCHWS7 +oxOyWuI2LcDZUArVUxGFg+7VPkNF0UCHNGupMAE3xksesSdqc6VWz3+L4QKBgHvN +6KC6/3jFJiBL8JIykuZxIz50JC2PF1LiycA/e6oB/ZS++A13uDM3d4jY5DVorSA1 +znxT3SpZTvE+QommD68rN3S/D5Ccl4oosbqLThQl2Jp2Vz/8k+Hj0sZkWDDcez7p +ITnUx/OF6aaUWHRnrRuO6gk+XeHM0W4Cc3hMFu1pAoGBAORT+sBVRK82krDC3S2f +5f+CzCIAku0tx1wiRcJk9TMQwqlDSb5DgfqyrnvXQNz5afkOnYt3j3naQdDS8qux +gWEjxFhNK6K9C3J+YuzqaXaMEH6qxIhxrpYATGWSJBtXldytOAc8vEIhqSf3gFH9 +kJZUFZgmTlYoHLV40JEYeB8d +-----END PRIVATE KEY----- diff --git a/build/default_configuration/certs/database/ca.pem b/build/default_configuration/certs/database/ca.pem new file mode 100644 index 0000000..0987b81 --- /dev/null +++ b/build/default_configuration/certs/database/ca.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAe+gAwIBAgIURR65rn10qrL3Vq3BHMl5TT7K3RMwDQYJKoZIhvcNAQEL +BQAwEzERMA8GA1UEAwwITXlTUUwtQ0EwHhcNMjYwNDI4MDc0NzUyWhcNMzYwNDI1 +MDc0NzUyWjATMREwDwYDVQQDDAhNeVNRTC1DQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKkebYB5vhGfyR5fglIv6KcYJV0ugNz1KzL+orvFNipXmKxx +HVHTtkIeT/6v2JxdjYjcerFbrjACUIf+EcYyYX91s3wKs2wHQYZTuad7Yb50elhQ +pyNs/uO/z5FwJzNEbfHPa3lZZozQqYUO4l0FZW380xYAUP2CEy3Q9OE06QcJjKDr +P5xuRfKkom5DOLoS+mbei0fWTjk+cCt9CC8etglV/UmrM7J3M/DLmHwlIsit/8Ri +Bx10dV5HMjpI744k28jvqHVA7uluBydzWuoUlNyw+WuPn0lmyarq3Btu13UlidHL +oGm6dLFRLTIyIF4dFIkr/9DbcJzfsrQ/YFPWtw8CAwEAAaNTMFEwHQYDVR0OBBYE +FKf+2UqjzRcI2Bz4dBmWY6amL6wRMB8GA1UdIwQYMBaAFKf+2UqjzRcI2Bz4dBmW +Y6amL6wRMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFnIOjs+ +Ixl5pdXex2esScqBW4FKkhmWJgBsb9z7OEvLJkZhk2bqJ8aJDTOZOFFP26ucFj6B +O3LkwaeHJonsusAWMRvoXqT8I5H/AQvDuDtpK95FbNfGij09e/L2EnF5MmQrNQGB +q7W9G6E4zVtn7sTYZyU31rk9uStHaqyvoTPtoo1rjehI8GVrOfYhu+E3blVH259Z +5H+CU2DmW6efVwxLCj700eCKsqnM4nl5qoTGp7V5Rm1NQg6ev2sp+7x/4UjX8Mg+ +adGrW56gXldlw3ZhjGJSao7oT6EITU498nZglAWCdLPBDhSCHvWLEN8Dv26fbzum +ZrqAvLREkM/eoF8= +-----END CERTIFICATE----- diff --git a/build/default_configuration/certs/database/ca.srl b/build/default_configuration/certs/database/ca.srl new file mode 100644 index 0000000..895cb9d --- /dev/null +++ b/build/default_configuration/certs/database/ca.srl @@ -0,0 +1 @@ +5FD490D27A0A93E81E4058F01B88EC6A5250CEC9 diff --git a/build/default_configuration/certs/database/client-cert.pem b/build/default_configuration/certs/database/client-cert.pem new file mode 100644 index 0000000..cd893df --- /dev/null +++ b/build/default_configuration/certs/database/client-cert.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrzCCAZcCFF/UkNJ6CpPoHkBY8BuI7GpSUM7JMA0GCSqGSIb3DQEBCwUAMBMx +ETAPBgNVBAMMCE15U1FMLUNBMB4XDTI2MDQyODA3NDg0MVoXDTM2MDQyNTA3NDg0 +MVowFTETMBEGA1UEAwwKcGhwLWNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALi2ZGgze+L3igDaa512IXz8++xBrmmJg5QiUcsVVE47KdmrVXaS +gPYB1yS8vhvW8ewfR+pKykJa9bQ8pnVTe8JEogt54hJFjVWh3tCU4h4iGLfjY23B +S9an5IDLdoh7o02kxgsr6EVzKYNpPZh2LIIs9FyYoJ08iJ74fi/7Fmu+/8mnvSWS +rwoGVtOb6KbH1Wwqc6FeiHBIf9ae73+8Soy3vO6qJqJRu/USn+V/nB8A7tzXTrTX +7Ru6Ku4u6lk5geTdZrhXA093JaWCeXbDPNnUWAdjkCPuejO1XZEBBLa3GqVaY+8f +LrDYZvudXTfpmEdgotxZ0ZkOe6hrBKa8zDUCAwEAATANBgkqhkiG9w0BAQsFAAOC +AQEAd+CsTWJX14Hs+yKWOyHLLFxZF349ssfwi6V0pwsLaWmgwSYWTTqYT9W+tq8m +mScbE/gdUyYFqvdQBZ0XjCsIqsvX5CNkvxmeuEJ58GZllidBAnwvzg9X7UFZBWI2 +F+Tv+TvbiojdT49glFSrpcwR61W97SfRbCwOErY2+YTTo854ngJ7YcIp9pelwRUF +7Hg7rchUb+9Z5l/74hsL/F9GsC3gEjhgI5ygvCdJAznFHu4xwvAPzeaZT1iQkkil +9nsuyApCFA0U66Bz39R+0ThgaGsmPJevPB/DJUy6DQWcKDoiHCY8c6/9w2ScS+VN +fVsIyAMt4HR/yrhqHJeG+SjLDw== +-----END CERTIFICATE----- diff --git a/build/default_configuration/certs/database/client-key.pem b/build/default_configuration/certs/database/client-key.pem new file mode 100644 index 0000000..4c36c63 --- /dev/null +++ b/build/default_configuration/certs/database/client-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC4tmRoM3vi94oA +2muddiF8/PvsQa5piYOUIlHLFVROOynZq1V2koD2AdckvL4b1vHsH0fqSspCWvW0 +PKZ1U3vCRKILeeISRY1Vod7QlOIeIhi342NtwUvWp+SAy3aIe6NNpMYLK+hFcymD +aT2YdiyCLPRcmKCdPIie+H4v+xZrvv/Jp70lkq8KBlbTm+imx9VsKnOhXohwSH/W +nu9/vEqMt7zuqiaiUbv1Ep/lf5wfAO7c10601+0buiruLupZOYHk3Wa4VwNPdyWl +gnl2wzzZ1FgHY5Aj7noztV2RAQS2txqlWmPvHy6w2Gb7nV036ZhHYKLcWdGZDnuo +awSmvMw1AgMBAAECggEAIXgTG3pwsUCPRfZN15tHGCGy+C0ykDb1m4rYbUbxHrfD +rohIFRMYwPq2ZBa7D8pTzaghXMeufHWE3eK7erjkzN+oyRGNsCfgIysQd5Tyn+kn +t3JBWurSdhO36Mp1MOfOQExiAjYzgRoL5J7WJWEMUY4ZvQl+2N7WFpAKNWF2v5Dt +eVTKOAufVo9PrQ/GLAceZlevef4yfsQxKjhdmjZpq4Zae8EpwlqU/6Sclod3pgHV +/CTxtgepWYWDhrssLBkO9URvvBndumGi/PqymacKbvVr3Tl7bOZFW4owTqDOCQBu +LvNA5LPmiCendFzWRdn4t7ZAWymv1wODUfnsrgbbgQKBgQD+j7Nql+JHYebUfo2R +pgaKQGrHrIqF/hOvSc7u/ZlMnFeB9TiTvfWhr6PTtgoXD5VoW6IEojlep7vFqLFl +qNJqyUWYrRQrNlIWH2CMvorhHGVgYYL7wHUKi3LlXFieA12wZCiett/sq01xBbVV +oy0OipANi60Zo0g2ksKuQCHzIQKBgQC5waJTcN6d5Hif1kOrRutzoAe42tuhajGK +EYLvs8jAzVgEQhRuv/ZzFbvMI6TmctWntE1JUZp+0daTvreC2c947jSCV7bJQtRy +nMDm06ZHu/h9L2i/Mb8xJLkgpDeupLkVwtWMkQbmh1xGWX9ft2V0FCV/k2rAWj+M +IP3i+xsKlQKBgQDpnRcai6itubsM59ckAymdVuCnvkCiFzoZc7LkwPcex5vHODRj +4cC6UWYXtMgtwa9rxiw59GaR53z7OIUUtonkVjH4m14XChLrGoCQqYzqahTfDp4W +S9kdhDw9ITJyUMR6THC6tzlpCQxY3NQ9czK2VZM92yFQlfh/nM/s+g4uAQKBgGvi +gVOy9yh+3GwAtpaQfwlNhY6gVfUexxzoZMKxCUSpPphihJl6FjnrAoJipVBOm7Zm +KokNwwwq9VQj7VMrC6uxtX+KUBf+H4NddU/a1vVMv9p9IXoB+4ggSwEhP1HIS9LO +sNaOGJLlRPt62VaPHnZXiRvaU6LaB5RsSOh+bMstAoGBAMILy7x9+5JsuuJVctXb +oA2PUh8t2jyyV4e6SPbu6UpX2T9jf0ZVenBS8WByet6LrD43mI9QovAcA/ub/xO1 +x0rSHWDMICveahFQHK4LBToIUbylywnWIkad+xFnHUX/qnIX7ZCe+upHO90QlNsz +wNdtSH+sNnQ3iehk5BQtIy+v +-----END PRIVATE KEY----- diff --git a/build/default_configuration/certs/database/client-req.pem b/build/default_configuration/certs/database/client-req.pem new file mode 100644 index 0000000..6d7c155 --- /dev/null 
+++ b/build/default_configuration/certs/database/client-req.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWjCCAUICAQAwFTETMBEGA1UEAwwKcGhwLWNsaWVudDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALi2ZGgze+L3igDaa512IXz8++xBrmmJg5QiUcsV +VE47KdmrVXaSgPYB1yS8vhvW8ewfR+pKykJa9bQ8pnVTe8JEogt54hJFjVWh3tCU +4h4iGLfjY23BS9an5IDLdoh7o02kxgsr6EVzKYNpPZh2LIIs9FyYoJ08iJ74fi/7 +Fmu+/8mnvSWSrwoGVtOb6KbH1Wwqc6FeiHBIf9ae73+8Soy3vO6qJqJRu/USn+V/ +nB8A7tzXTrTX7Ru6Ku4u6lk5geTdZrhXA093JaWCeXbDPNnUWAdjkCPuejO1XZEB +BLa3GqVaY+8fLrDYZvudXTfpmEdgotxZ0ZkOe6hrBKa8zDUCAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQB111oDanSq2UMJPNAkIP9Y5gcPCrQsn+IrNstQkGnDIUbq +g6h8va6TurU0973n/usQrgeRmQ7B5U+xVx4WOlJ+F08YBa3leS3+yjlg6QD8I2Uq +rvjlJQ8WlJL1vBA0KB+B+qNg8I+r91J7Q1qhTZ9O+XvYZStlFSMsZzJJfdtuBGqT +aL92V7UQ8Dkw7528ePPIodfHBpyxH7CcUf/7XV3FAEXpA4B/5Zhj9V0QefUsreaE +meN6NxeEkVEQTuuMiZ7CecM6Tqn6PCz5zl4Sqth8Rt7IeFUtm8dj7uXXX/kiKiID +bKoPLW+YK/sB4myLRxNCS8Z5VzB5Yx65PsPbcpJL +-----END CERTIFICATE REQUEST----- diff --git a/build/default_configuration/certs/database/server-cert.pem b/build/default_configuration/certs/database/server-cert.pem new file mode 100644 index 0000000..d3132f6 --- /dev/null +++ b/build/default_configuration/certs/database/server-cert.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqjCCAZICFF/UkNJ6CpPoHkBY8BuI7GpSUM7IMA0GCSqGSIb3DQEBCwUAMBMx +ETAPBgNVBAMMCE15U1FMLUNBMB4XDTI2MDQyODA3NDgxNloXDTM2MDQyNTA3NDgx +NlowEDEOMAwGA1UEAwwFbXlzcWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCg8bWnm5ld3N9PbYg00E4Z5KCtUz5FBBBJo6UTUO7rRufkOnLeB7RFwk9b +zjnhciGvE25q/ggU8IyqqK+otNGSrKYd7EGjAmMZsd6mMD56/kECriK9hWmH2FAK +bA0GiTDhsw1T7FgpHMMPn1EP5IPLBd0AGr7ZfinkW4VhokQpV7yN4fvWHBID3aXY +lsyd+KcDpZNupvpI2tM+2Hf+Xzei7lElASRy9TnD6u0Ua6v6MDjiCSUSu0WqgBGS +nodYgfPiJ9n7QFF5+a5b1tF+EJxoG2z3KQ8hJpSXXL36eIfRLvrnVpdp8tRFQl7T +wwNFHqV8ulzmPHqnVn8gLLWGyCq7AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAANo +Kmh3DmPxBkxFy+ePS1wpXujY11xoUphbEb7KBjEl9pZzdqYZbZBqVMYcF+u05lrG +R1Ntrl58wJmQ+etZPpIyWimnhTRZ77qdYAPd5W9axVxEAVA5LCrDFRA3NWx3xhI9 +RpkYLMSlYcQVD3EWjvjh02wkc/dtLR+EoWkb0BksZoowvS7CQZj4RMqNGeWYPQ8L +VCVevvKIo/YCxPhh7l/ZGDH7JmRm3ZLa7Pihk3nK7Yfs+w+L2MLvg+n6wrtFP7AA +Yd4awg6MzGGvxDLa2YP5GPE5wappb/kJaZSTyfYwtkgZ0ldIYw0vTPR6dBnaWsgk +x6+1w56yjsmwKW7YjhI= +-----END CERTIFICATE----- diff --git a/build/default_configuration/certs/database/server-key.pem b/build/default_configuration/certs/database/server-key.pem new file mode 100644 index 0000000..4fb44b9 --- /dev/null +++ b/build/default_configuration/certs/database/server-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCg8bWnm5ld3N9P +bYg00E4Z5KCtUz5FBBBJo6UTUO7rRufkOnLeB7RFwk9bzjnhciGvE25q/ggU8Iyq +qK+otNGSrKYd7EGjAmMZsd6mMD56/kECriK9hWmH2FAKbA0GiTDhsw1T7FgpHMMP +n1EP5IPLBd0AGr7ZfinkW4VhokQpV7yN4fvWHBID3aXYlsyd+KcDpZNupvpI2tM+ +2Hf+Xzei7lElASRy9TnD6u0Ua6v6MDjiCSUSu0WqgBGSnodYgfPiJ9n7QFF5+a5b +1tF+EJxoG2z3KQ8hJpSXXL36eIfRLvrnVpdp8tRFQl7TwwNFHqV8ulzmPHqnVn8g +LLWGyCq7AgMBAAECggEAIjlD15BO3JbLJai0/gYNlZP4VuMMqsBidkZGJAVhyMYb +KX0EUBJzUyIunecMh9QtNX18TWQXc9xzDRcxwz4wEnCEInjKvE8Vo7EfF1fK8Xx/ +doJxALwN5MUqwAyZ+HnT2yqn+uCXHqbvE7NdGXQOUm28wPju/HDHl7eedVR8Cg43 +bhPX9VhGjXESaTfPK0rNoIt4o/j+Lrxk9RdLKBrd6uWBLzWrfv3fXVgUYJPIlRW3 +lI/mGZOGdue+LunuzQe270+xJ0PtNmxIiyPibslQ5/EHp3YTnyKunpHAm2KRKGS8 +FhHTFJkya01y6WWgDjl5UFatvoOGNUKB0+DNgAY7gQKBgQDd+VK7tbd7a+mEtr4X +ejU4X162HJ50v6GFE4TCTN+YWpnbtCoK30IpYwfSY7oG/t4HdiWmhks3GdsRjKVk +QZPweOY4zHtOwZVkl19uRJ9geUDXDuzjTumOvYhFBLqzGbGFcKkOslLDFr90K2ov +QvBjBGQdwfWFLUfu+yIqsutqxwKBgQC5nXa+opfOCdpEgcTcd6PRxsqp5UE1J75h +ilSWQWf/lK9ZueYv1DBNTocTxWl3jk9QrnhQOtiwnVDYz3MnXtG5gmlMs4aeTh0u +AMjYvcg9Feizb8WFE18ogofGmyhKq1TQ93N29uKoK95bZS1y8iJdVHq6MlyfMsT0 +QJ7xrsKsbQKBgQDEX/10eSfQ9cAKnA0CAiixLZZBsIHysVH4xDLQHmg1hfnV58bG +BYunx6e01mtOIw5UNY7LisViAurO1MnBL07tEFhEaYqxOwuqiUxw5h7Fn5/gYqDp +2/c+Q6kZvjxZlGJ7thaqHNKhKy/HW10+YI8AWnMj7GMEJfIcl2o7sjwZIwKBgEG5 +diCOpj440ubLJJAEdSeEwqJiITLXPdyABO+nfVHMrkKRRubMtcXJ9p6TmoLRC1jA +Tq3qCGyRZ909p8LbGlwbx3l3YEWR11dAw92rZcnrhhhzjXdPorRPdBBpRF0cSc4s +sOABD8UIs5WdP/ihsHVnwoVH6/AbJA5xC1b80MYJAoGAQ8/Cx4ylHJFjJjv4BWJb +5Pu0CVyEvDR+ADY4+Dcfx6h43nJ8kfhIUtUCVNfvttNoJsCbPx4mwhYjRbWcCaEm +r3N4P6TUwvBw4D1ZFTwcZ0fM6Y9huw34KaTxePlRhNrz7IgbXqspkH4NzIT6wzdB +57pufY7n+6Fwfh6UBSpAjl4= +-----END PRIVATE KEY----- diff --git a/build/default_configuration/certs/database/server-req.pem b/build/default_configuration/certs/database/server-req.pem new file mode 100644 index 0000000..0fa3553 --- /dev/null 
+++ b/build/default_configuration/certs/database/server-req.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICVTCCAT0CAQAwEDEOMAwGA1UEAwwFbXlzcWwwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCg8bWnm5ld3N9PbYg00E4Z5KCtUz5FBBBJo6UTUO7rRufk +OnLeB7RFwk9bzjnhciGvE25q/ggU8IyqqK+otNGSrKYd7EGjAmMZsd6mMD56/kEC +riK9hWmH2FAKbA0GiTDhsw1T7FgpHMMPn1EP5IPLBd0AGr7ZfinkW4VhokQpV7yN +4fvWHBID3aXYlsyd+KcDpZNupvpI2tM+2Hf+Xzei7lElASRy9TnD6u0Ua6v6MDji +CSUSu0WqgBGSnodYgfPiJ9n7QFF5+a5b1tF+EJxoG2z3KQ8hJpSXXL36eIfRLvrn +Vpdp8tRFQl7TwwNFHqV8ulzmPHqnVn8gLLWGyCq7AgMBAAGgADANBgkqhkiG9w0B +AQsFAAOCAQEAH8wVvpJSz/PELbYbwaEPWPyYq9Cq/cj0kFY5gTwMyB+CGzPk0P6v +2/+6ngyz8YfYOZgRwqJZqg47h9ERrgIX2hd77aS/pwPNE9GUYPYXRW40skykqNTH +lWEyHdFzP94TAJR5CjBD7ZVqBY2oGM41CLsuH+D/wj53WLpa+pQceA91IVvpzhaP +/dY6MySv/aC2qhRkChduryEaSBIzdOOKh8dWr+/id4WmGa65x0n+uRECS2FzpTiB +QI9Jc+9T9Wc+NhNJa3IxAHnRVus+2zM40RD6vZEWRZym7If56dOcd1uomL6BdYuQ +cyVw4zIgozG95Y39sJmPFEi97Kj2pHkgEg== +-----END CERTIFICATE REQUEST----- diff --git a/build/default_configuration/certs/certificate.crt b/build/default_configuration/certs/webserver/certificate.crt similarity index 100% rename from build/default_configuration/certs/certificate.crt rename to build/default_configuration/certs/webserver/certificate.crt diff --git a/build/default_configuration/certs/certificate.key b/build/default_configuration/certs/webserver/certificate.key similarity index 100% rename from build/default_configuration/certs/certificate.key rename to build/default_configuration/certs/webserver/certificate.key diff --git a/build/default_configuration/mariadb/my.cnf b/build/default_configuration/mariadb/my.cnf index 6c9bb12..dec5de4 100644 --- a/build/default_configuration/mariadb/my.cnf +++ b/build/default_configuration/mariadb/my.cnf 
@@ -1,2 +1,10 @@ [mariadbd] -max_allowed_packet=64M \ No newline at end of file +max_allowed_packet=64M + +require_secure_transport = OFF + +ssl-ca = /etc/mariadb/certs/ca.pem +ssl-cert = /etc/mariadb/certs/server-cert.pem +ssl-key = /etc/mariadb/certs/server-key.pem +tls_version = TLSv1.2,TLSv1.3 +ssl_cipher = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 diff --git a/build/default_configuration/mysql/my.cnf b/build/default_configuration/mysql/my.cnf index 986fdcf..e10924f 100644 --- a/build/default_configuration/mysql/my.cnf +++ b/build/default_configuration/mysql/my.cnf @@ -1,2 +1,11 @@ [mysqld] -max_allowed_packet=64M \ No newline at end of file +max_allowed_packet=64M + +require_secure_transport = OFF + +ssl-ca = /etc/mysql/certs/ca.pem +ssl-cert = /etc/mysql/certs/server-cert.pem +ssl-key = /etc/mysql/certs/server-key.pem +tls_version = TLSv1.2,TLSv1.3 +tls_ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 +ssl_cipher = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 \ No newline at end of file diff --git a/build/default_configuration/php/client.cnf b/build/default_configuration/php/client.cnf new file mode 100644 index 0000000..50bafe5 --- /dev/null +++ b/build/default_configuration/php/client.cnf @@ -0,0 +1,10 @@ +[client] +ssl-ca = /etc/database/certs/ca.pem +ssl-cert = /etc/database/certs/client-cert.pem +ssl-key = /etc/database/certs/client-key.pem + +# verification failed due to hostname mismatch +# as we have mariadb and mysql, php client couldn't verify the server cert +ssl-verify-server-cert = false + +[client-mariadb] diff --git a/docker-compose.yml b/docker-compose.yml index 63a500d..fa96133 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -23,10 +23,12 @@ x-php: &default-php volumes: - ${CONF_FOLDER}/php/php.ini:/usr/local/etc/php/conf.d/php.ini - ${CONF_FOLDER}/php/xdebug.ini:/usr/local/etc/php/conf.d/xdebug.ini + - ${CONF_FOLDER}/php/client.cnf:/etc/mysql/conf.d/client.cnf:ro - ${CONF_FOLDER}/msmtprc/msmtprc:/var/www/.msmtprc:ro - ${HTML_FOLDER}:/var/www/html/ - ${DATA_FOLDER}/php/coverage:${PHP_COVERAGE_OUTPUT_FOLDER} - ${DATA_FOLDER}/php/profile:${PHP_PROFILE_OUTPUT_FOLDER} + - ${CONF_FOLDER}/certs/database:/etc/database/certs:ro restart: always services: @@ -115,7 +117,7 @@ services: volumes: - ${CONF_FOLDER}/apache/httpd.conf:/usr/local/apache2/conf/httpd.conf - ${CONF_FOLDER}/apache/httpd-vhosts.conf:/usr/local/apache2/conf/extra/httpd-vhosts.conf - - ${CONF_FOLDER}/certs:/etc/apache/certs + - ${CONF_FOLDER}/certs/webserver:/etc/apache/certs - ${HTML_FOLDER}:/var/www/html/ restart: always # depends_on: @@ -149,7 +151,7 @@ services: - "${NGINX_PORT_85:-85}:85" volumes: - ${CONF_FOLDER}/nginx:/etc/nginx/conf.d - - ${CONF_FOLDER}/certs:/etc/nginx/certs + - ${CONF_FOLDER}/certs/webserver:/etc/nginx/certs - ${HTML_FOLDER}:/var/www/html/ restart: always # depends_on: @@ -173,6 +175,7 @@ services: - ${CONF_FOLDER}/mariadb:/etc/mysql/conf.d - ${DATA_FOLDER}/mariadb/:/var/lib/mysql - ${DATA_FOLDER}/dbdump/:/tmp/dbdump + - ${CONF_FOLDER}/certs/database:/etc/mariadb/certs:ro environment: MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} @@ -186,6 +189,7 @@ services: - ${CONF_FOLDER}/mysql:/etc/mysql/conf.d - ${DATA_FOLDER}/mysql/:/var/lib/mysql - ${DATA_FOLDER}/dbdump/:/tmp/dbdump + - ${CONF_FOLDER}/certs/database:/etc/mysql/certs environment: MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} 
@@ -193,6 +197,13 @@ services: image: adminer container_name: adminer restart: unless-stopped + environment: + DB_SSL_KEY: '/etc/database/certs/client-key.pem' + DB_SSL_CERT: '/etc/database/certs/client-cert.pem' + DB_SSL_CA: '/etc/database/certs/ca.pem' + volumes: + - ${CONF_FOLDER}/certs/database:/etc/database/certs:ro + - ${CONF_FOLDER}/adminer/plugins-enabled/:/var/www/html/plugins-enabled/ ports: - "${ADMINER_PORT:-8080}:8080" deploy: diff --git a/readme.md b/readme.md index 0f8fada..65d367d 100644 --- a/readme.md +++ b/readme.md @@ -44,16 +44,12 @@ The containers in charge of serving the web pages. > You can change the default web server. [How To...](./addons/documentation/how_to.md#change-the-webserver) #### Default Listened Ports +* `88` (Automatic Mode) To serve pages based on PHP version passed in request header `X-PHP-Version`. +* `443` (Automatic Mode) To serve pages based on PHP version passed in request header `X-PHP-Version` with `HTTPS` protocol. * `74` Serve pages based on PHP 7.4. * `80` Serve pages based on PHP 8.0. * `81` Serve pages based on PHP 8.1. -* `82` Serve pages based on PHP 8.2. -* `83` Serve pages based on PHP 8.3. -* `84` Serve pages based on PHP 8.4. -* `85` Serve pages based on PHP 8.5. - -* `88` (Automatic Mode) To serve pages based on PHP version passed in request header `X-PHP-Version`. -* `443` (Automatic Mode) To serve pages based on PHP version passed in request header `X-PHP-Version` with `HTTPS` protocol. +* etc... (depending on the number of PHP versions you have, until 88 😬) #### Automatic Mode With automatic mode, web servers will serve pages based on the PHP version passed in the request header `X-PHP-Version`.\ 
@@ -65,108 +61,92 @@ You also can use one of the official browser extensions allowing to add custom h #### Nginx (default) -The container for Nginx webserver.\ -A `self-signed certificate` is included in the certs conf directory allowing `HTTPS`. - -Official build of Nginx.\ -Based on `nginx:alpine` +Nginx webserver.\ +Official build of Nginx based on `nginx:alpine` 🐳 [Docker official image page](https://hub.docker.com/_/nginx) -🐳 [Docker official image page](https://hub.docker.com/_/nginx) +> [!NOTE] +> A self-signed certificate is included in the certs webserver conf directory allowing `HTTPS`. > [!NOTE] > `app.conf` file is included in the nginx conf directory to configure Nginx settings. [How To...](./addons/documentation/how_to.md#edit-configuration) #### Apache -The container for Apache webserver.\ -A `self-signed certificate` is included in the certs conf directory allowing `HTTPS`. - -Official build of Apache.\ -Based on `httpd:latest` +Apache webserver.\ +Official build based on `httpd:latest` 🐳 [Docker official image page](https://hub.docker.com/_/httpd) -🐳 [Docker official image page](https://hub.docker.com/_/httpd) +> [!NOTE] +> A self-signed certificate is included in the certs webserver conf directory allowing `HTTPS`. > [!NOTE] > `httpd.conf` file is included in the apache conf directory to configure Apache settings. [How To...](./addons/documentation/how_to.md#edit-configuration-1)\ `httpd-vhosts.conf` file is included in the apache conf directory to configure virtual hosts. [How To...](./addons/documentation/how_to.md#edit-configuration-1) ### PHP FPM X.X -The containers in charge of the PHP script processing.\ -Based on `php:x.x-fpm` image, this extended image includes `xdebug`, all needed `php extensions`, `graphviz` and a `MariaDB client` to run iTop. - -While designed for web development, the PHP scripting language also provides general-purpose use. 
- -🐳 [Docker official image page](https://hub.docker.com/_/php) +While designed for web development, the PHP scripting language also provides general-purpose use.\ +Custom build based on `php:x.x-fpm` image, this extended image includes `xdebug`, all needed `php extensions`, `graphviz` and a `MariaDB client` to run iTop 🐳 [Docker official image page](https://hub.docker.com/_/php) > [!NOTE] > `php.ini` file is included in the php conf directory to configure PHP settings. [How To...](./addons/documentation/how_to.md#change-PHP-settings)\ -`xdebug.ini` file is included in the php conf directory to configure XDebug settings. [How To...](./addons/documentation/how_to.md#change-XDebug-settings) +`xdebug.ini` file is included in the php conf directory to configure XDebug settings. [How To...](./addons/documentation/how_to.md#change-XDebug-settings)\ +`client.cnf` file is included in the php conf directory to configure MariaDB/MySQL client settings. [How To...](./addons/documentation/how_to.md#change-MariaDB-client-settings) > [!TIP] > You can add a new PHP version. [How To...](./addons/documentation/how_to.md#add-a-new-php-version) ### MariaDB -The container for MariaDB database. - MariaDB Server is a high performing open source relational database, forked from MySQL.\ -Based on `mariadb` image. +Official build based on `mariadb` image. 🐳 [Docker official image page](https://hub.docker.com/_/mariadb) -🐳 [Docker official image page](https://hub.docker.com/_/mariadb) +> [!NOTE] +> Certificates are included in the certs database conf directory allowing secured connection to the database. +> [!IMPORTANT] +> `require_secure_transport` flag is set to `OFF` in the default configuration of the database.\ +If you want to enable it, you can change the `my.cnf` file included in the database conf directory. [How To...](./addons/documentation/how_to.md#activate-secured-connection)\ #### Default Listened Ports * `3306` ### MySQL -The container for MySQL database. 
+MySQL is a widely used, open-source relational database management system (RDBMS).\ +Official build based on `mysql` image. 🐳 [Docker official image page](https://hub.docker.com/_/mysql) -MySQL is a widely used, open-source relational database management system (RDBMS). -Based on `mysql` image. +> [!NOTE] +> Certificates are included in the certs database conf directory allowing secured connection to the database. -🐳 [Docker official image page](https://hub.docker.com/_/mysql) +> [!IMPORTANT] +> `require_secure_transport` flag is set to `OFF` in the default configuration of the database.\ +If you want to enable it, you can change the `my.cnf` file included in the database conf directory. [How To...](./addons/documentation/how_to.md#activate-secured-connection)\ +You also need to set `'db_tls.enabled' => true` in iTop configurations. #### Default Listened Ports * `3307` ### Adminer -The container for database web administration. - -Database management in a single PHP file. -Based on `adminer` image. - -🐳 [Docker official image page](https://hub.docker.com/_/adminer) +Database management in a single PHP file.\ +Official build based on `adminer` image. 🐳 [Docker official image page](https://hub.docker.com/_/adminer) #### Default Listened Ports * `8080` ### MailPit -The container for mailer testing. - -Mailpit is packed full of features for developers wanting to test SMTP and emails. It acts as an SMTP server, provides a modern web interface to view & test intercepted emails. It also contains an API for automated integration testing. -Based on `axllent/mailpit` image. - -🐳 [Docker official image page](https://hub.docker.com/r/axllent/mailpit) +Mailpit is packed full of features for developers wanting to test SMTP and emails. It acts as an SMTP server, provides a modern web interface to view & test intercepted emails. It also contains an API for automated integration testing.\ +Official build based on `axllent/mailpit` image. 
🐳 [Docker official image page](https://hub.docker.com/r/axllent/mailpit) #### Default Listened Ports * `8025` WebUI * `1025` SMTP ### Script-server -The container for scripts execution. - -Script-server allows you to execute pre-configured CLI scripts directly from a Web UI. No need for SSH connection, knowing commands exact syntax. -Based on `bugy/script-server` image. - -🐳 [Docker official image page](https://hub.docker.com/r/bugy/script-server) +Script-server allows you to execute pre-configured CLI scripts directly from a Web UI. No need for SSH connection, knowing commands exact syntax.\ +Official build based on `bugy/script-server` image. 🐳 [Docker official image page](https://hub.docker.com/r/bugy/script-server) #### Default Listened Ports * `8090` WebUI ### kCacheGrind -The container for xdebug profile analyze. - -Web GUI to inspect Valgrind and Xdebug profiling reports. - -🐳 [Docker official image page](https://hub.docker.com/r/nedix/kcachegrind) +Web GUI to inspect Valgrind and Xdebug profiling reports.\ +Official build based on `nedix/kcachegrind` image. 🐳 [Docker official image page](https://hub.docker.com/r/nedix/kcachegrind) #### Default Listened Ports * `8088` WebUI
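Review bot: typo in the IMPORTANT callout that closes the `@@ -183,22 +191,36 @@` hunk of how_to.md: `mysqldump is lot longer available` should read `mysqldump is no longer available`. In the same hunk, the "Export from database container" sentence runs two clauses together ("export your dump then you can find the dump file from the docker host"); suggest "export the dump, then pick the file up from the host in the `data/dbdump` folder".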
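Review bot: `ssl_verify_client_cert = ON` in the "Certificate validation" part of the `@@ -216,6 +238,51 @@` hunk of how_to.md is not a server-side system variable I can find in MariaDB's list (`ssl-verify-server-cert` is a client option), and an unknown option in `my.cnf` makes `mariadbd` refuse to start, which would explain "seems to not be fully compatible with the MariaDB docker image" better than an image problem; please confirm on the version in the image. Per-account `REQUIRE X509` (or `REQUIRE SUBJECT '/CN=php-client'` to pin the shipped client cert) is the supported server-side mechanism, so suggest dropping the variable and keeping only the account example. In that example, `GRANT ALL PRIVILEGES ON *.* TO 'secure_user'@'%' WITH GRANT OPTION` for an account presented as the hardened one is over-privileged; scope it to the iTop schema without `GRANT OPTION`. Also in this hunk: `db_tls.enabled' => true` is missing its opening quote (readme.md has `'db_tls.enabled' => true`); "to be sure that you are connecting to the right." lacks its object ("the right server"); and the new "Change user password" section lands between the `REQUIRE X509` example and the "To use certificate in iTop" paragraph that continues it, so move it after the WARNING block.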
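Review bot: `'verify' => false` in the new `enable-ssl.php` makes Adminer accept any server certificate, so its database connection is encrypted but not authenticated (any host on the compose network presenting any certificate would be accepted). The plugin already receives `DB_SSL_CA`, so set `'verify' => true` once the server certificate carries both `mysql` and `mariadb` as subjectAltNames; until then, the how_to.md NOTE saying "Adminer is already configured to connect to the database with SSL" should state that the connection is unverified.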
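Review bot: `ca-key.pem` is the CA private key and is committed under `build/default_configuration/certs/database`, next to `client-key.pem` and `server-key.pem`. With the CA key public, anyone can issue a certificate this CA trusts, so the `REQUIRE X509` accounts and the `ssl-verify-server-cert` / `verify` checks that chain to this CA provide no authentication, and every clone of the repo shares the same server key. If that is an accepted trade-off for a dev environment, say so in readme.md and how_to.md; preferably generate the CA, server and client material on first run (a script under `addons/docker_scripts/` fits the existing layout) and keep the generated files out of git. The CA key is needed only at issuance time and should not live in a directory that is bind-mounted into four containers.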
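Review bot: `ca.srl`, `client-req.pem` and `server-req.pem` are artifacts of the one-off openssl signing run (the serial counter and the two CSRs), not runtime configuration; suggest not shipping them in `default_configuration` and committing the generation commands instead, which also makes regenerating the certificates with a subjectAltName a one-liner.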
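Review bot: `server-cert.pem` appears to be a v1 certificate with subject `CN=mysql` only: the DER header `MIICqjCCAZICFF/U...` goes from the two outer SEQUENCEs straight to the serial INTEGER, with no version or extensions field (compare `ca.pem`, whose `...gAwIBAgIU...` carries the v3 version tag); `client-cert.pem` has the same shape. That single CN is the root cause of the hostname mismatch that `client.cnf` (`ssl-verify-server-cert = false`) and `enable-ssl.php` (`'verify' => false`) work around, and subjectAltName is what verifiers check first. Reissue it as a v3 certificate with `subjectAltName = DNS:mysql,DNS:mariadb` (plus `DNS:localhost,IP:127.0.0.1` if host-side clients verify through the published ports) so verification can stay enabled against both database containers.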
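Review bot: the MariaDB `my.cnf` hunk pins `tls_version = TLSv1.2,TLSv1.3` but `ssl_cipher` lists only two TLS 1.2 `ECDHE-RSA-*` suites; whether TLS 1.3 suites remain enabled depends on how the server's TLS library applies `ssl_cipher`, so after the restart check from a client with `SHOW STATUS LIKE 'Ssl_version'` and `SHOW STATUS LIKE 'Ssl_cipher'` that TLS 1.3 is actually negotiated rather than silently downgraded (the MySQL hunk sidesteps this with a separate `tls_ciphersuites`). Also, `require_secure_transport = OFF` means the `ssl-*` lines only make TLS available, not required, and plaintext logins are still accepted; readme.md says the flag is OFF, but the how_to.md "Activate secured connection" section should state the consequence explicitly.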
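Review bot: `ssl-verify-server-cert = false` in the new `client.cnf` disables server identity checking for every client that reads this file, which turns the TLS setup into encryption without authentication; the comment gives the CN mismatch between `mysql` and `mariadb` as the reason, so the fix is a server certificate with both names as subjectAltName, not turning verification off. Separately, "php client couldn't verify the server cert" is misleading if PHP uses mysqlnd (the default in the official `php` images), since mysqlnd does not read option files: this file governs the `mariadb` CLI inside the php container, while iTop's own connection is governed by its `db_tls.*` settings. The empty `[client-mariadb]` group at the end can be dropped.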
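Review bot: the `x-php` hunk in docker-compose.yml bind-mounts the whole `certs/database` directory into every PHP container, which includes `ca-key.pem` and `server-key.pem`; the PHP side needs only `ca.pem`, `client-cert.pem` and `client-key.pem`. Mount those three files individually (the adminer service in the later hunk has the same whole-directory mount and the same need) so that a compromise of the web tier does not hand over the CA and server private keys.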
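Review bot: the mysql service mounts `${CONF_FOLDER}/certs/database:/etc/mysql/certs` without `:ro`, while the mariadb, php and adminer mounts added in the same patch are read-only; add `:ro` for consistency and so the database container cannot modify the shared certificate directory (CA key included). Same least-privilege point as for the php mount: the database containers need only `ca.pem`, `server-cert.pem` and `server-key.pem`.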
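Review bot: the readme.md port list now ends with "etc... until 88", but `88` is listed four lines above as the automatic-mode port, so a PHP 8.8 container following the `8.x` to port `8x` convention would collide with it. Either keep the explicit per-version list this hunk removes, or state the convention (`7.4` to `74`, `8.x` to `8x`) and move automatic mode to a port that cannot collide.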
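Review bot: the MariaDB IMPORTANT callout in the readme.md `@@ -65,108 +61,92 @@` hunk omits the "You also need to set `'db_tls.enabled' => true` in iTop configurations" sentence that the MySQL callout below carries, although the requirement applies to both databases; add it, and drop the stray trailing `\` after the How To link in both callouts, which renders a hard line break into the following heading.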