diff --git a/.dockerignore b/.dockerignore
index eda3192..fc5bb81 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,4 @@
 venv
 .git
 dist
+certs
diff --git a/.env.local b/.env.local
index 0d88f9a..dc25951 100644
--- a/.env.local
+++ b/.env.local
@@ -9,10 +9,20 @@ ENV_NAME=local
 # WEB_PATH_AT_HOST=./services/web
 # DB_PATH_AT_HOST=./services/db
-
-WEB_HOST=127.0.0.1
+# public web server info
+WEB_HOST=localhost
 WEB_PORT=9095
+# internal web server socket bind address
+WEB_BIND_ADDRESS=127.0.0.1
+WEB_BIND_PORT=${WEB_PORT}
+
+# SSL certificate/key path
+WEB_SSL_KEY_PATH={@ROOT_PATH}/certs/${WEB_HOST}.key
+WEB_SSL_CERT_PATH={@ROOT_PATH}/certs/${WEB_HOST}.pem
+# WEB_SSL_KEY_PATH_AT_HOST=./certs/${WEB_HOST}.key
+# WEB_SSL_CERT_PATH_AT_HOST=./certs/${WEB_HOST}.pem
+
 # admin initial password
 INITIAL_ADMIN_PASSWORD=password
diff --git a/.gitignore b/.gitignore
index 3d79640..e1de6b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ services
 .tox/
 venv
 venvs
+certs
diff --git a/README.md b/README.md
index 8170aa4..9747b99 100644
--- a/README.md
+++ b/README.md
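Review bot: The new `WEB_SSL_KEY_PATH` and `WEB_SSL_CERT_PATH` values use `{@ROOT_PATH}` while every other reference in this file uses `${VAR}` syntax; if `{@ROOT_PATH}` is a placeholder the config loader expands, a comment saying so would help, and if it is a typo for `${ROOT_PATH}` the certificate paths will not resolve and uvicorn will fail to start. The same hunk writes `WEB_BIND_PORT=${WEB_PORT}` while the template.env.dev hunk later in this diff writes `WEB_BIND_PORT=$WEB_PORT`; unless both interpolation forms are known to be supported by the loader, one should be used in both files. Since the private key is now addressed from configuration, a comment such as `# private key should be readable only by the service user (e.g. mode 0600)` next to `WEB_SSL_KEY_PATH` would state the expectation that adding `certs` to .gitignore and .dockerignore implies.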
@@ -10,6 +10,19 @@ separately.
 ## System Setup
+### SSL Certificates
+
+For development purposes should be created self-signed SSL certificate to be used for HTTPS/WSS
+communications under ./certs/ directory and named as '${WEB_HOST}.key' and '${WEB_HOST}.pem'. Below
+listed script to generate these files for "localhost" domain:
+
+    WEB_HOST=localhost && mkdir -p ./certs && openssl req -x509 -nodes -newkey rsa:4096 -keyout ./certs/$WEB_HOST.key -out ./certs/$WEB_HOST.crt -days 3650 -subj "/CN=$WEB_HOST" && openssl x509 -in ./certs/$WEB_HOST.crt -out ./certs/$WEB_HOST.pem -outform PEM
+
+In DEV/QA/UAT and other environments WEB_HOST should be specified to real DNS or IP address value
+end-user and backend clients will use to communicate with the repromon server. Also this value should
+be the same as WEB_HOST variable in '.env.*' file.
+
+For production deployment should be used SSL certificate from trusted authorities.
 ### Podman / Docker Environment
 There is a `template.env.dev` file with a configuration for a typical setup, but it has fields to fill in.
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 492abf4..45e1722 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -23,6 +23,8 @@ services:
 volumes:
 - ${WEB_PATH_AT_HOST}/instance:/app/instance
 - ./.env.dev:/app/.env.local
+ - ${WEB_SSL_KEY_PATH_AT_HOST}:${WEB_SSL_KEY_PATH}
+ - ${WEB_SSL_CERT_PATH_AT_HOST}:${WEB_SSL_CERT_PATH}
 db:
 image: docker.io/postgres:latest
diff --git a/repromon.ini b/repromon.ini
index 53edaab..f109dd9 100644
--- a/repromon.ini
+++ b/repromon.ini
@@ -42,8 +42,10 @@ pool_recycle=3600
 [uvicorn]
 # fastapi uvicorn configuration
-host=${WEB_HOST}
-port=${WEB_PORT}
+host=${WEB_BIND_ADDRESS}
+port=${WEB_BIND_PORT}
+ssl_keyfile=${WEB_SSL_KEY_PATH}
+ssl_certfile=${WEB_SSL_CERT_PATH}
 #workers=4
 #reload=True
 #log_level=debug
diff --git a/repromon_app/config.py b/repromon_app/config.py
index 98c02c3..b6dc270 100644
--- a/repromon_app/config.py
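Review bot: The two new bind mounts give the container read-write access to the private key and certificate, although the service only needs to read them; mounting them read-only limits what a compromised container process could alter: `- ${WEB_SSL_KEY_PATH_AT_HOST}:${WEB_SSL_KEY_PATH}:ro` and `- ${WEB_SSL_CERT_PATH_AT_HOST}:${WEB_SSL_CERT_PATH}:ro`. Note also that the `.env.local` hunk in this diff leaves the `*_AT_HOST` variables commented out, so if this compose file is ever started with that env file the mount sources would be empty; the template.env.dev hunk does define them.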
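Review bot: `ssl_keyfile` and `ssl_certfile` are now set unconditionally, so every deployment reading this file requires a certificate pair to be present at startup, including setups where TLS is terminated by a reverse proxy in front of uvicorn; a comment such as `# comment out both lines to serve plain HTTP behind a TLS-terminating proxy` next to them would make that choice explicit. How an unset `${WEB_SSL_KEY_PATH}` is treated depends on the config loader, which is not visible here, so it is worth confirming that a missing variable yields `None` rather than a literal empty string being handed to uvicorn.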
+++ b/repromon_app/config.py
@@ -63,8 +63,8 @@ class UvicornConfig(BaseSectionConfig):
 # timeout_keep_alive: Optional[int] = 5
 # limit_concurrency: Optional[int] = 100
 # limit_max_requests: Optional[int] = 0
- # ssl_keyfile: Optional[str] = None
- # ssl_certfile: Optional[str] = None
+ ssl_keyfile: Optional[str] = None
+ ssl_certfile: Optional[str] = None
 class AppConfig:
diff --git a/repromon_tools/test_send_message.py b/repromon_tools/test_send_message.py
index 933b983..29f776b 100755
--- a/repromon_tools/test_send_message.py
+++ b/repromon_tools/test_send_message.py
@@ -3,9 +3,9 @@
 import copy
 import json
 import logging.config
+import os
 import random
 import time
-import os
 from datetime import datetime, timedelta
 import requests
@@ -18,7 +18,7 @@ logger.debug(f"name={__name__}")
-API_BASE_URL = os.environ.get('REPROMON_API_URL', "http://localhost:9095/api/1")
+API_BASE_URL = os.environ.get('REPROMON_API_URL', "https://localhost:9095/api/1")
 ACCESS_TOKEN = os.environ.get('REPROMON_ACCESS_TOKEN')
 API_KEY = os.environ.get('REPROMON_API_KEY')
diff --git a/template.env.dev b/template.env.dev
index ab58c0e..3b3e269 100644
--- a/template.env.dev
+++ b/template.env.dev
@@ -9,9 +9,20 @@ ENV_NAME=dev
 WEB_PATH_AT_HOST=./services/web
 DB_PATH_AT_HOST=./services/db
-WEB_HOST=0.0.0.0
+# public web server info
+WEB_HOST=localhost
 WEB_PORT=9095
+# internal web server socket bind address
+WEB_BIND_ADDRESS=0.0.0.0
+WEB_BIND_PORT=$WEB_PORT
+
+# SSL certificate/key path
+WEB_SSL_KEY_PATH=/etc/repromon/certs/${WEB_HOST}.key
+WEB_SSL_CERT_PATH=/etc/repromon/certs/${WEB_HOST}.pem
+WEB_SSL_KEY_PATH_AT_HOST=./certs/${WEB_HOST}.key
+WEB_SSL_CERT_PATH_AT_HOST=./certs/${WEB_HOST}.key
+
 # admin initial password
 INITIAL_ADMIN_PASSWORD=TODO_initial_admin_password
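Review bot: The fields `ssl_keyfile` and `ssl_certfile` are uncommented without any explanation of what they hold, while the neighbouring lines remain commented-out placeholders; a short comment such as `# PEM-encoded private key and certificate paths, populated from the [uvicorn] section of repromon.ini` would tell a reader these are now live settings rather than documentation. The rest of `UvicornConfig` and its `BaseSectionConfig` base are outside the hunk, so whether an empty string from the ini file is normalised to `None` before reaching uvicorn cannot be seen here.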
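Review bot: Changing the default `API_BASE_URL` to `https://localhost:9095/api/1` means `requests` will verify the server certificate on every call, and with the self-signed development certificate described in the README hunk that verification fails unless the caller points `REQUESTS_CA_BUNDLE` (or `verify=`) at the generated `.pem`; a comment above the constant, e.g. `# self-signed dev cert: export REQUESTS_CA_BUNDLE=./certs/localhost.pem before running`, would save the next user a confusing SSLError. Even with that bundle, the README's openssl command sets only `-subj "/CN=$WEB_HOST"` and no subjectAltName, which current clients require for hostname matching, so the documented command may need `-addext "subjectAltName=DNS:$WEB_HOST"` to pair with this default. The `requests` calls that consume this constant are outside the hunk.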
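Review bot: `WEB_SSL_CERT_PATH_AT_HOST=./certs/${WEB_HOST}.key` points the certificate mount source at the private key file, which looks like a copy-paste slip from the line above; with the docker-compose.dev.yml mounts in this diff the key would be bind-mounted at `${WEB_SSL_CERT_PATH}` and uvicorn would fail to load a certificate from it. It should read `WEB_SSL_CERT_PATH_AT_HOST=./certs/${WEB_HOST}.pem`, matching the `.pem` name used by `WEB_SSL_CERT_PATH` and by the README hunk. This file also writes `WEB_BIND_PORT=$WEB_PORT` where the .env.local hunk uses `WEB_BIND_PORT=${WEB_PORT}`; one interpolation form should be used in both files unless the loader is known to accept both.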