diff --git a/main.go b/main.go
index 436f9ad..55e5a48 100644
--- a/main.go
+++ b/main.go
@@ -19,7 +19,7 @@ import (
 )
 var (
- gVersion = "0.4"
+ gVersion = "0.5"
 )
 func marshalResultToText(res *ldap.SearchResult, delimiter string, showValueName, showDN bool) string {
@@ -269,6 +269,9 @@ func main() {
 var ldapUser string
 var ldapPass string
 var ldapBaseDN string
+ var tlsPrivKey string
+ var tlsCert string
+ var doTls bool
 var debug bool
 flag.StringVar(&confFile, "config", "", "Path to the config file (optional)")
@@ -277,6 +280,9 @@ func main() {
 flag.StringVar(&ldapUser, "ldap-user", "", "ldap username")
 flag.StringVar(&ldapPass, "ldap-pass", "", "ldap password")
 flag.StringVar(&ldapBaseDN, "ldap-base-dn", "", "ldap base DN")
+ flag.BoolVar(&doTls, "https", false, "Serve over TLS")
+ flag.StringVar(&tlsPrivKey, "ssl-private-key", "", "SSL Private key")
+ flag.StringVar(&tlsCert, "ssl-certificate", "", "SSL certificate (PEM format)")
 flag.BoolVar(&debug, "debug", false, "Set log level to debug")
 flag.Parse()
@@ -328,6 +334,25 @@ func main() {
 log.Fatal("No ldap-base-dn defined!")
 }
 }
+ if false == doTls {
+ doTls = viper.GetBool("SERVE_HTTPS")
+ }
+ if doTls && len(tlsCert) == 0 {
+ l := viper.GetString("SSL_CERTIFICATE")
+ if len(l) > 0 {
+ tlsCert = l
+ } else {
+ log.Fatal("SSL certificate must be set to use https!")
+ }
+ }
+ if doTls && len(tlsPrivKey) == 0 {
+ l := viper.GetString("SSL_PRIVATE_KEY")
+ if len(l) > 0 {
+ tlsPrivKey = l
+ } else {
+ log.Fatal("SSL private key must be set to use https!")
+ }
+ }
 log.Println("Starting Go Ldap API v.", gVersion)
 if debug {
@@ -340,7 +365,11 @@ func main() {
 initRouter(r, &ldap)
- r.Run(listen)
+ if doTls {
+ r.RunTLS(listen, tlsCert, tlsPrivKey)
+ } else {
+ r.Run(listen)
+ }
 }
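Review bot: The help strings for the new `ssl-private-key` and `ssl-certificate` flags do not say whether the value is a file path or the PEM text itself. The last hunk hands both values to `r.RunTLS`, which (assuming `r` is a gin engine) expects file names, so an operator who pastes key material as the argument gets a failed start and leaves the key in shell history and the process list. I would word them as `"Path to the TLS private key file (PEM)"` and `"Path to the TLS certificate file (PEM)"`. The body of main starts and ends outside this hunk.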
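Review bot: `if false == doTls` is more idiomatic in Go as `if !doTls`, and the two fallback blocks for `tlsCert` and `tlsPrivKey` are the same code twice, differing only in the key name and the message. A comment above the block stating the precedence would help the next reader: `// TLS settings: flags win; otherwise fall back to SERVE_HTTPS, SSL_CERTIFICATE and SSL_PRIVATE_KEY.` Nothing in this block logs which mode was chosen, so a deployment that silently falls back to plain HTTP is hard to spot. Consider `log.Println("TLS enabled:", doTls)` next to the start-up line. main continues outside this hunk.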
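Review bot: The return values of `r.RunTLS` and `r.Run` are discarded, so an unreadable certificate, a key that does not match it, or a busy port ends main without any message and probably with exit status 0. Assuming `r` is a gin engine, both calls return an error. Wrap them so that a failed listener is visible, e.g. `log.Fatal(r.RunTLS(listen, tlsCert, tlsPrivKey))` and `log.Fatal(r.Run(listen))`. The start of main is outside this hunk.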