diff --git a/FAQ.md b/FAQ.md
index 49f8808..1f605cb 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -53,3 +53,8 @@ for http in such a case.
 To get around this, tunnel the 8998 port from the remote server to the localhost
 via ssh and access [localhost:8998](http://localhost:8998) via http normally
 after that.
+
+### How to get the key.pem and cert.pem files required for serving over https?
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost"
+```
diff --git a/moshi_mlx/moshi_mlx/local_web.py b/moshi_mlx/moshi_mlx/local_web.py
index 5eb0647..5cecac8 100644
--- a/moshi_mlx/moshi_mlx/local_web.py
+++ b/moshi_mlx/moshi_mlx/local_web.py
@@ -332,14 +332,25 @@ async def handle_root(_):
             log("info", f"serving static content from {static_path}")
             app.router.add_get("/", handle_root)
             app.router.add_static("/", path=static_path, name="static")
-        log("info", f"listening to http://{args.host}:{args.port}")
         runner = web.AppRunner(app)
         await runner.setup()
-        site = web.TCPSite(runner, args.host, args.port)
+        ssl_context = None
+        protocol = "http"
+        if args.ssl is not None:
+            import ssl
+
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            cert_file = os.path.join(args.ssl, "cert.pem")
+            key_file = os.path.join(args.ssl, "key.pem")
+            ssl_context.load_cert_chain(certfile=cert_file, keyfile=key_file)
+            protocol = "https"
+        site = web.TCPSite(runner, args.host, args.port, ssl_context=ssl_context)
+
+        log("info", f"listening to {protocol}://{args.host}:{args.port}")
 
         if not args.no_browser:
-            log("info", f"opening browser at http://{args.host}:{args.port}")
-            webbrowser.open(f"http://{args.host}:{args.port}")
+            log("info", f"opening browser at {protocol}://{args.host}:{args.port}")
+            webbrowser.open(f"{protocol}://{args.host}:{args.port}")
 
         await asyncio.gather(
             recv_loop(), send_loop(), recv_loop2(), send_loop2(), site.start()
@@ -363,6 +374,14 @@ def main():
     parser.add_argument("--static", type=str)
     parser.add_argument("--host", default="localhost", type=str)
     parser.add_argument("--port", default=8998, type=int)
+    parser.add_argument(
+        "--ssl",
+        type=str,
+        help=(
+            "use https instead of http, this flag should point to a directory "
+            "that contains valid key.pem and cert.pem files"
+        )
+    )
     parser.add_argument("--no-browser", action="store_true")
 
     args = parser.parse_args()
diff --git a/rust/README.md b/rust/README.md
index a170c04..48f17b4 100644
--- a/rust/README.md
+++ b/rust/README.md
@@ -29,6 +29,12 @@ maturin dev -r -m rust/mimi-pyo3/Cargo.toml
 
 ## Rust server
 
+If you don't have ssl certificates yet, generate a `key.pem` and `cert.pem` file
+using the following command.
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost"
+```
+
 In order to run the rust inference server, use the following command from within
 the this directory: