diff --git a/server/.gitignore b/server/.gitignore
index c1843bb5..1a80cec4 100644
--- a/server/.gitignore
+++ b/server/.gitignore
@@ -19,3 +19,4 @@ node_modules
 server.iml
 .babashka-pod-*
 dev-resources/honeycomb-export*
+dev-resources/certs
diff --git a/server/scripts/install_dev_certs.sh b/server/scripts/install_dev_certs.sh
new file mode 100755
index 00000000..e150465a
--- /dev/null
+++ b/server/scripts/install_dev_certs.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -o errexit -o nounset -o pipefail -o xtrace
+cd `dirname $0`/..
+
+brew install mkcert
+brew install nss
+
+mkcert -install
+mkdir -p dev-resources/certs
+cd dev-resources/certs
+DOMAIN="dev.instantdb.com"
+mkcert ${DOMAIN}
+
+CA_ROOT="$(mkcert -CAROOT)/rootCA.pem"
+
+cat ${DOMAIN}.pem "$CA_ROOT" > chain.pem
+echo "USE PASSWORD: changeit"
+openssl pkcs12 -export -inkey ${DOMAIN}-key.pem -in chain.pem -out dev.p12
+keytool -importkeystore -storepass changeit -srckeystore dev.p12 -srcstoretype pkcs12 -destkeystore dev.jks -deststoretype pkcs12
+# verify
+keytool -list -v -storepass changeit -keystore dev.jks
+
+rm dev.p12
+rm chain.pem
\ No newline at end of file
diff --git a/server/src/instant/core.clj b/server/src/instant/core.clj
index c488894a..df9b78e9 100644
--- a/server/src/instant/core.clj
+++ b/server/src/instant/core.clj
@@ -2,6 +2,7 @@
 (:gen-class)
 (:require
 [tool]
+ [clojure.java.io :as io]
 [clojure.tools.logging :as log]
 [compojure.core :refer [defroutes GET POST routes]]
 [instant.admin.routes :as admin-routes]
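Review bot: In server/scripts/install_dev_certs.sh the `openssl pkcs12 -export` step prompts for an export password and depends on the developer typing the `changeit` that the `echo` prints, while the `keytool` lines and core.clj hard-code that value, so a mistyped entry may only fail later at import or at server start. Passing it explicitly with `-passout pass:changeit` on the openssl line (and `-srcstorepass changeit` on the `keytool -importkeystore` line) makes the script non-interactive and the echo unnecessary. Separately, under `errexit` a failure in either step exits before the two `rm` lines and leaves `dev.p12`, which holds the private key, on disk; `trap 'rm -f dev.p12 chain.pem' EXIT` placed right after `cd dev-resources/certs` would clean up on every exit path. A header comment stating that `mkcert -install` adds a local root CA to the machine's trust stores and that the script is meant for development machines only would also help the next reader.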
@@ -106,10 +107,15 @@ (tracer/record-info! {:name "server/start" :attributes {:port (config/get-server-port)}}) (def server ^Undertow (undertow-adapter/run-undertow (handler) - {:host "0.0.0.0" - :port (config/get-server-port) - :configurator (fn [^Undertow$Builder builder] - (.setServerOption builder UndertowOptions/ENABLE_STATISTICS true))})) + (merge + {:host "0.0.0.0" + :port (config/get-server-port) + :configurator (fn [^Undertow$Builder builder] + (.setServerOption builder UndertowOptions/ENABLE_STATISTICS true))} + (when (.exists (io/file "dev-resources/certs/dev.jks")) + {:ssl-port 8889 + :keystore "dev-resources/certs/dev.jks" + :key-password "changeit"})))) (def stop-gauge (gauges/add-gauge-metrics-fn (fn [_] (let [^Undertow server server
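Review bot: The `(when (.exists (io/file "dev-resources/certs/dev.jks")) ...)` branch turns on the TLS listener on port 8889 whenever that relative path exists in the working directory, and nothing in the visible lines restricts it to a development environment. Together with `:host "0.0.0.0"`, the listener is reachable from other hosts while using a keystore whose password is the public default. If the config namespace offers an environment predicate (not visible here), it should be and-ed into the `when`; either way a comment such as `;; dev only: dev.jks is created by scripts/install_dev_certs.sh and uses the throwaway password "changeit"` belongs above the branch. The path literal appears twice and could be bound once in a `let` so the existence check and `:keystore` cannot drift apart. The enclosing function starts before the hunk and continues after it.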