diff --git a/config/etc/default/restconf.yaml b/config/etc/default/restconf.yaml
index b3e25c8c..954af171 100644
--- a/config/etc/default/restconf.yaml
+++ b/config/etc/default/restconf.yaml
@@ -14,9 +14,12 @@ rest:
   - ipv4: 0.0.0.0
     ipv6: 
     port: 3030
-  - ipv4: 
-    ipv6: ::0
-    port: 6060
+  - ipv4: 0.0.0.0
+    ipv6: 
+    port: 8443
+    schema: https
+    certFile: /usr/local/omc/etc/certs/tsa-omc.pem
+    keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.pem
 
 database:
   type: mysql
diff --git a/restagent/config/config.go b/restagent/config/config.go
index a1191a28..accd5313 100644
--- a/restagent/config/config.go
+++ b/restagent/config/config.go
@@ -32,9 +32,12 @@ type YamlConfig struct {
 	} `yaml:"logger"`
 
 	Rest []struct {
-		IPv4 string `yaml:"ipv4"`
-		IPv6 string `yaml:"ipv6"`
-		Port uint16 `yaml:"port"`
+		IPv4     string `yaml:"ipv4"`
+		IPv6     string `yaml:"ipv6"`
+		Port     uint16 `yaml:"port"`
+		Schema   string `yaml:"schema"`
+		CertFile string `yaml:"certFile"`
+		KeyFile  string `yaml:"keyFile"`
 	} `yaml:"rest"`
 
 	Database DbConfig `yaml:"database"`
diff --git a/restagent/etc/restconf.yaml b/restagent/etc/restconf.yaml
index 1b312829..1b7ed836 100644
--- a/restagent/etc/restconf.yaml
+++ b/restagent/etc/restconf.yaml
@@ -14,9 +14,12 @@ rest:
   - ipv4: 0.0.0.0
     ipv6: 
     port: 3040
-  - ipv4: 
-    ipv6: ::0
-    port: 6070
+  - ipv4: 0.0.0.0
+    ipv6: 
+    port: 8443
+    schema: https
+    certFile: /usr/local/omc/etc/certs/tsa-omc.pem
+    keyFile: /usr/local/omc/etc/certs/tsa-omc_pri.pem
 
 database:
   type: mysql
diff --git a/restagent/restagent.go b/restagent/restagent.go
index a348dd91..f19f96ea 100644
--- a/restagent/restagent.go
+++ b/restagent/restagent.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"os"
 	"strconv"
+	"strings"
 
 	"ems.agt/lib/dborm"
 	"ems.agt/lib/global"
@@ -70,6 +71,14 @@ func HttpListen(addr string, router http.Handler) {
 	}
 }
 
+func HttpListenTLS(addr, certFile, keyFile string, router http.Handler) {
+	err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
+	if err != nil {
+		fmt.Println("ListenAndServeTLS err:", err)
+		os.Exit(6)
+	}
+}
+
 func main() {
 	conf := config.GetYamlConfig()
 
@@ -117,12 +126,21 @@ func main() {
 		// ipv4 goroutines
 		if rest.IPv4 != "" {
 			listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
-			go HttpListen(listen, router)
+			if strings.ToLower(rest.Schema) == "https" {
+				go HttpListenTLS(listen, rest.CertFile, rest.KeyFile, router)
+			} else {
+				go HttpListen(listen, router)
+			}
+
 		}
 		// ipv6 goroutines
 		if rest.IPv6 != "" {
 			listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
-			go HttpListen(listenv6, router)
+			if strings.ToLower(rest.Schema) == "https" {
+				go HttpListenTLS(listenv6, rest.CertFile, rest.KeyFile, router)
+			} else {
+				go HttpListen(listenv6, router)
+			}
 		}
 	}