diff --git a/service/attestation/attestation-service/Cargo.toml b/service/attestation/attestation-service/Cargo.toml
index cf0dd8729f8f643f852eca0670caa0a2c01bde92..1736c38146c54092e59109fa93d027cf707ef640 100644
--- a/service/attestation/attestation-service/Cargo.toml
+++ b/service/attestation/attestation-service/Cargo.toml
@@ -24,7 +24,7 @@ rand = "0.8.5"
 ima-measurements = "0.2.0"
 fallible-iterator = "0.2.0"
-actix-web = "4.5"
+actix-web = { version = "4.5", features = ["openssl"] }
 env_logger = "0.9"
 tokio = { version = "1", features = ["full"] }
 strum = { version = "0.25", features = ["derive"] }
diff --git a/service/attestation/attestation-service/service/Cargo.toml b/service/attestation/attestation-service/service/Cargo.toml
index e8b88b8ed50e136a80bdbe7cce4d9a31846b13ce..4803b6cca53e9b27a45027101bb23fcfc9a03ed6 100644
--- a/service/attestation/attestation-service/service/Cargo.toml
+++ b/service/attestation/attestation-service/service/Cargo.toml
@@ -27,6 +27,7 @@ uuid.workspace = true
 rand.workspace = true
 scc.workspace = true
 attestation-types.workspace = true
+openssl.workspace = true
 
 [dev-dependencies]
 futures.workspace = true
diff --git a/service/attestation/attestation-service/service/src/main.rs b/service/attestation/attestation-service/service/src/main.rs
index 88941b844a0e05db28e3146377c61336b4ec5234..e7b2217205caa6788bb22c10030afdbf930e705f 100644
--- a/service/attestation/attestation-service/service/src/main.rs
+++ b/service/attestation/attestation-service/service/src/main.rs
@@ -20,6 +20,7 @@ use session::SessionMap;
 use anyhow::Result;
 use env_logger;
 use actix_web::{web, App, HttpServer};
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 use std::{net::{SocketAddr, IpAddr, Ipv4Addr}, sync::Arc};
 use tokio::sync::RwLock;
 use clap::{Parser, command, arg};
@@ -47,6 +48,13 @@ struct Cli {
     // }
     #[arg(short, long, default_value_t = DEFAULT_ASCONFIG_FILE.to_string())]
     config: String,
+
+    #[arg(short = 'p', long = "protocol", default_value_t = String::from("http"))]
+    protocol: String,
+    #[arg(short = 't', long = "https_cert", default_value_t = String::from(""))]
+    https_cert: String,
+    #[arg(short = 'k', long = "https_key", default_value_t = String::from(""))]
+    https_key: String,
 }
 
 #[actix_web::main]
@@ -69,7 +77,7 @@ async fn main() -> Result<()> {
     });
     let service = web::Data::new(Arc::new(RwLock::new(server)));
-    HttpServer::new(move || {
+    let http_server = HttpServer::new(move || {
         App::new()
             .app_data(web::Data::clone(&service))
             .app_data(web::Data::clone(&session_map))
@@ -78,10 +86,25 @@ async fn main() -> Result<()> {
             .service(reference)
             .service(set_policy)
             .service(get_policy)
-    })
-    .bind((cli.socketaddr.ip().to_string(), cli.socketaddr.port()))?
-    .run()
-    .await?;
+    });
+    if cli.protocol == "https"{
+        if cli.https_cert.is_empty() || cli.https_key.is_empty() {
+            log::error!("cert or key is empty");
+            return Ok(());
+        }
+        let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
+        builder.set_private_key_file(cli.https_key, SslFiletype::PEM)?;
+        builder.set_certificate_chain_file(cli.https_cert)?;
+        http_server.bind_openssl((cli.socketaddr.ip().to_string(), cli.socketaddr.port()), builder)?
+            .run()
+            .await?;
+    } else if cli.protocol == "http" {
+        http_server.bind((cli.socketaddr.ip().to_string(), cli.socketaddr.port()))?
+            .run()
+            .await?;
+    } else {
+        log::error!("unknown protocol {}", cli.protocol);
+    }
 
     Ok(())
 }
\ No newline at end of file
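Review bot: `https_cert` and `https_key` default to `""` and the empty string is then used as a sentinel in `main`; modelling them as `Option<String>` lets clap enforce the requirement at parse time, e.g. `#[arg(short = 't', long = "https_cert", required_if_eq("protocol", "https"))] https_cert: Option<String>,` and the same for `https_key`. `protocol` is a free-form `String` compared against literals later on; a two-variant `clap::ValueEnum` would reject typos when the arguments are parsed rather than after the server has been built. Since the default stays plaintext `http` for an attestation endpoint, that choice belongs in the field's doc comment, e.g. `/// Transport for the service; defaults to plaintext http, pass https together with --https_cert/--https_key to enable TLS.`. The `Cli` struct begins outside the hunk.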
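Review bot: On the `https` branch a missing cert or key is logged and then `return Ok(())` runs, so the process exits with status 0 without ever binding a listener, and the `unknown protocol` branch falls through to the same `Ok(())`. A supervisor cannot tell this apart from a clean shutdown, so a deployment that asked for TLS silently stays down instead of failing loudly. Replace both with an error return, e.g. `anyhow::bail!("--https_cert and --https_key are required when --protocol https")` and `anyhow::bail!("unknown protocol {}", cli.protocol)`. Both bind calls repeat the `(cli.socketaddr.ip().to_string(), cli.socketaddr.port())` tuple; hoisting it into one `let addr = ...` before the `if` would tidy the branches, and `"https"{` is missing the space before the brace. `main` begins outside the hunk.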