diff --git a/.dev/auth.keystore b/.dev/auth.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..99c4c27b3c501fac08a68f4733cdb1f5ad983f0a
Binary files /dev/null and b/.dev/auth.keystore differ
diff --git a/.dev/chain.jks b/.dev/chain.jks
new file mode 100644
index 0000000000000000000000000000000000000000..3ff345e9205852ad7c95ec36199f7d59f00f1a8c
Binary files /dev/null and b/.dev/chain.jks differ
diff --git a/.dev/generate-jks.sh b/.dev/generate-jks.sh
new file mode 100644
index 0000000000000000000000000000000000000000..68a08784f0f9a3eb044b3f8adc370fcf572f5e83
--- /dev/null
+++ b/.dev/generate-jks.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+# ----------------
+# https://blogs.oracle.com/blogbypuneeth/post/create-an-internal-certification-authority-ca-using-keytool-and-sign-your-server-certificate
+# ----------------
+STORE_PASS=password
+KEY_PASS=password
+
+declare -A services
+services[9091]=container
+services[9092]=database
+services[9093]=query
+services[9094]=table
+services[9095]=gateway
+services[9096]=identifier
+services[9097]=authentication
+services[9098]=user
+services[9099]=metadata
+
+function generate () {
+  echo "... generate $1-service certificate"
+  keytool -genkeypair -storepass ${STORE_PASS} -keypass ${KEY_PASS} -storetype PKCS12 -keyalg RSA -keysize 2048 \
+    -dname "CN=$1-service, OU=DS-IFS, O=TU Wien, C=AT" -alias "$1-service" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
+    -keystore ./server.keystore
+}
+
+function sign () {
+  echo "... sign $1-service certificate"
+  keytool -alias "$1-service" -certreq -storepass ${STORE_PASS} -keyalg RSA \
+    -keystore ./server.keystore | keytool -alias intermediate -gencert -storepass ${STORE_PASS} \
+    -keyalg RSA | keytool -alias "$1-service" -importcert -storepass ${STORE_PASS} -keyalg RSA \
+    -keystore ./server.keystore -noprompt -trustcacerts
+}
+
+function crt () {
+  echo "... export $1 certificate"
+  keytool -exportcert -alias "$1" -rfc -storepass ${STORE_PASS} -keystore "$2" > "./$1.crt"
+}
+
+function move () {
+  echo "... move jks to the $1-service"
+  cp ./server.keystore "../fda-$1-service/server.keystore"
+  rm -f "../fda-$1-service/intermediate.crt" && cp ./intermediate.crt "../fda-$1-service/intermediate.crt"
+}
+
+echo "Remove old JKS(s)"
+rm -f ./server.keystore ./auth.keystore ./chain.jks ./*.crt
+
+echo "Generate root certificate"
+keytool -alias root -dname "CN=RootCA, OU=DS-IFS, O=TU Wien, C=AT" -genkeypair -ext KeyUsage="keyCertSign" \
+  -ext BasicConstraints:"critical=ca:true" -validity 3600 -storepass ${STORE_PASS} -keyalg RSA
+
+echo "Generate intermediate certificate"
+keytool -alias intermediate -dname "CN=IntermediateCA, OU=DS-IFS, O=TU Wien, C=AT" -genkeypair \
+  -ext KeyUsage="keyCertSign" -ext BasicConstraints:"critical=ca:true" -validity 1800 -storepass ${STORE_PASS} \
+  -keyalg RSA
+
+echo "Sign the intermediate certificate"
+keytool -alias intermediate -certreq -storepass ${STORE_PASS} -keyalg RSA | keytool -alias root -gencert \
+  -ext KeyUsage="keyCertSign" -ext BasicConstraints:"critical=ca:true" -storepass ${STORE_PASS} \
+  -keyalg RSA | keytool -alias intermediate -importcert -storepass ${STORE_PASS} -keyalg RSA
+
+echo "Import the root certificate to the JKS"
+keytool -export -alias root -storepass ${STORE_PASS} | keytool -import -alias root -keystore ./server.keystore \
+  -storepass ${STORE_PASS} -noprompt -trustcacerts
+
+echo "Import the intermediate certificate to the JKS"
+keytool -export -alias intermediate -storepass ${STORE_PASS} | keytool -import -alias intermediate -keystore ./server.keystore \
+  -storepass ${STORE_PASS} -noprompt -trustcacerts
+
+echo "Generating the certificate key pairs"
+for key in "${!services[@]}"; do
+  generate "${services[$key]}"
+done
+
+echo "Sign the certificates with intermediate certificate"
+for key in "${!services[@]}"; do
+  sign "${services[$key]}"
+done
+
+echo "Export the trusted keystore"
+keytool -export -alias intermediate -storepass ${STORE_PASS} | keytool -import -alias intermediate \
+  -keystore ./chain.jks -storepass ${STORE_PASS} -trustcacerts -noprompt
+keytool -export -alias root -storepass ${STORE_PASS} | keytool -import -alias root -keystore ./chain.jks \
+  -storepass ${STORE_PASS} -trustcacerts -noprompt
+
+echo "Export CRTs"
+crt root ./chain.jks
+crt intermediate ./chain.jks
+
+echo "Copy the JKS(s)"
+for key in "${!services[@]}"; do
+  move "${services[$key]}"
+done
+
+echo "Create the authentication service JKS"
+echo "... import private key into the key store"
+keytool -importkeystore -srckeystore ./server.keystore -srcstorepass ${STORE_PASS} -srcalias "authentication-service" \
+  -destkeystore ./auth.keystore -deststorepass ${STORE_PASS} -deststoretype PKCS12 -destalias "server" -trustcacerts \
+  -noprompt
+rm -f ../fda-authentication-service/auth.keystore && cp ./auth.keystore ../fda-authentication-service/auth.keystore
diff --git a/.dev/intermediate.crt b/.dev/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/.dev/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/.dev/root.crt b/.dev/root.crt
new file mode 100644
index 0000000000000000000000000000000000000000..798a1f673479c075782eeed6458beb2d7d693e07
--- /dev/null
+++ b/.dev/root.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIEHaMDRDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTczOTU5WhcNMzMwMjA5MTczOTU5WjBBMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQD
+EwZSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK8FuP0bGt
+QAvhZEjRWTQuCdE6vXpDWjvSoevZaSclgJ9SncDHtRzkH0x0ArVfIRZFtjSUEcHb
+2r8mnOvqQ+9vs2azjTlacdPvezbhfgFFGIdrnHSm3RTB7smeOFceFkIvwiXT49+y
+ZGkB/p0QCDoVYhgRxFNtZKBTYa0uJLQ7cM8LK2g66/yugJsB4zOlre1zPiWGY/5k
+sWu780XVKpl9j6CR/xp3012bKlT/t7j7fKRamJYVYtW2guRQnl5J5AKRzlRGh84G
+onNI5qiwS0gAZUajpL00lb2XxSkv11DY0743EOSsqOvUDr+5h4v7pXEt+O5aFvFN
+ewRTHON1624fAgMBAAGjPzA9MB0GA1UdDgQWBBSdLp+I30uB4jAMP1PnZLolxbF/
+AzALBgNVHQ8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAIqrbs8mXC07a8VURnu3EFxO3dliDgxY1yQfB0VqMFL1yxGKXrVAJFLP/1MVr
+HVx53vZd/KBNGUjhLfnj3vF+TpqnOoJ/QEDSJPuEnpfFPtx0tE3e3lQQlebIA8aM
+m1iP2SJuKAYQUYOg1N9XXa+UPs9tWWrllY5dcYdHOK168eUwo1h6v0OOnaP7RvSn
+457jewK6fJ3tUhox2Hu1JEowupYE5QhMiLwG30MGkf2pWkTNfz005LTzmgvfMSz7
+k1rfO9oKdVbxNYxZPdzKZRsnCfOka/MmYcXstjp5KKXLo4Z3LLs8N0GDWlKRvX9p
+z2CJQ6CG+Aws4+J3mFOm2G9rIw==
+-----END CERTIFICATE-----
diff --git a/.dev/server.keystore b/.dev/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/.dev/server.keystore differ
diff --git a/.env.unix.example b/.env.unix.example
index 2e4923867fc8febcd1db501b16baf212a99781df..8c690b8b0431a5aaff1f5a94136ce4c9ca3bf45c 100644
--- a/.env.unix.example
+++ b/.env.unix.example
@@ -15,6 +15,4 @@ KEYCLOAK_ADMIN=fda
 KEYCLOAK_ADMIN_PASSWORD=fda
 BROKER_CONSUMERS=2
 WEBSITE=http://example.com
-KEY_ALIAS=server
-KEY_STORE_PATH=/server.keystore
-KEY_STORE_PASSWORD=password
\ No newline at end of file
+spring_profiles_active=insecure
\ No newline at end of file
diff --git a/fda-authentication-service/.gitignore b/fda-authentication-service/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..5ce9a595c60335bf4d5285a70f3f5f1dc37a60a6
--- /dev/null
+++ b/fda-authentication-service/.gitignore
@@ -0,0 +1 @@
+server.keystore
\ No newline at end of file
diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile
index 243d9689185ffeca3c9a26047976352686e12e30..65a36dd48b4f3e7a66bd13b76015bf3ad3379e95 100644
--- a/fda-authentication-service/Dockerfile
+++ b/fda-authentication-service/Dockerfile
@@ -13,7 +13,7 @@ ENV KC_DB=mariadb
 
 WORKDIR /opt/keycloak
 
-COPY ./server.keystore ./conf/server.keystore
+COPY ./auth.keystore ./conf/server.keystore
 
 RUN /opt/keycloak/bin/kc.sh build
 
diff --git a/fda-authentication-service/auth.keystore b/fda-authentication-service/auth.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..99c4c27b3c501fac08a68f4733cdb1f5ad983f0a
Binary files /dev/null and b/fda-authentication-service/auth.keystore differ
diff --git a/fda-authentication-service/intermediate.crt b/fda-authentication-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-authentication-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-authentication-service/server.keystore b/fda-authentication-service/server.keystore
deleted file mode 100644
index 93e5c28b23293910dac23a3e974cb485524a3a17..0000000000000000000000000000000000000000
Binary files a/fda-authentication-service/server.keystore and /dev/null differ
diff --git a/fda-container-service/Dockerfile b/fda-container-service/Dockerfile
index 95f2ddbb34ab85f9ceada45f408fea52cb618c26..49ae10cee1dda3d2dc76ec7abb508fff43a3df43 100644
--- a/fda-container-service/Dockerfile
+++ b/fda-container-service/Dockerfile
@@ -33,6 +33,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
+ENV KEY_ALIAS=container-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-container-service/intermediate.crt b/fda-container-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-container-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-container-service/rest-service/src/main/resources/application-docker.yml b/fda-container-service/rest-service/src/main/resources/application-insecure.yml
similarity index 75%
rename from fda-container-service/rest-service/src/main/resources/application-docker.yml
rename to fda-container-service/rest-service/src/main/resources/application-insecure.yml
index eea48592c78d8c76d69038c26d089cd64f20b4f9..d135584cf3f8b1ca6800f707bbf0818ad073c40d 100644
--- a/fda-container-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,9 +22,21 @@ spring:
     name: container-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
 springdoc.swagger-ui.enabled: true
-server.port: 9091
+server:
+  port: 9091
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -32,7 +44,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: container-service
+  instance:
+    hostname: container-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9091
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   network: userdb
diff --git a/fda-container-service/rest-service/src/main/resources/application-local.yml b/fda-container-service/rest-service/src/main/resources/application-local.yml
index a8ff84d143fc369013f9da7acc3dc2c702a7bc51..8e82a9f09948d2763969e820823cfd707eed4d14 100644
--- a/fda-container-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-local.yml
@@ -22,9 +22,21 @@ spring:
     name: container-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
 springdoc.swagger-ui.enabled: true
-server.port: 9091
+server:
+  port: 9091
+  ssl:
+    enabled: true
+    key-alias: container-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -32,7 +44,11 @@ logging:
     at.tuwien.: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: container-service
+  instance:
+    hostname: container-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9091
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
   network: userdb
diff --git a/fda-container-service/rest-service/src/main/resources/application.yml b/fda-container-service/rest-service/src/main/resources/application.yml
index 1b781359d2ecb1d8b079140a2d75f150a8c7aad1..c131ca5e6769e98d5767add639c8dbe9b21c246f 100644
--- a/fda-container-service/rest-service/src/main/resources/application.yml
+++ b/fda-container-service/rest-service/src/main/resources/application.yml
@@ -32,7 +32,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: container-service
+  instance:
+    hostname: container-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9091
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   network: "${USER_NETWORK}"
diff --git a/fda-container-service/server.keystore b/fda-container-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-container-service/server.keystore differ
diff --git a/fda-database-service/Dockerfile b/fda-database-service/Dockerfile
index 8cb9cb8d330e94625022957c94eeb90fe7ad5b95..00484c81fb56a74eb89f0e1b62e90032eefa4e8e 100644
--- a/fda-database-service/Dockerfile
+++ b/fda-database-service/Dockerfile
@@ -35,6 +35,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
+ENV KEY_ALIAS=database-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-database-service/intermediate.crt b/fda-database-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-database-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-database-service/rest-service/src/main/resources/application-docker.yml b/fda-database-service/rest-service/src/main/resources/application-insecure.yml
similarity index 76%
rename from fda-database-service/rest-service/src/main/resources/application-docker.yml
rename to fda-database-service/rest-service/src/main/resources/application-insecure.yml
index f94d2480e098c74ed183deefbf7fb78d530fed76..b6863b599bf770f996d35df97f1ebc78d561ea2f 100644
--- a/fda-database-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-database-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,12 +22,24 @@ spring:
     name: database-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
   rabbitmq:
     host: broker-service
     username: fda
     password: fda
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9092
+server:
+  port: 9092
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +47,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: database-service
+  instance:
+    hostname: container-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9092
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   elastic:
diff --git a/fda-database-service/rest-service/src/main/resources/application-local.yml b/fda-database-service/rest-service/src/main/resources/application-local.yml
index bd021238de249217b2c0f67d7fbc7ef30a695b33..40650c6040b48b1a33330803fb3ec9862b9d547d 100644
--- a/fda-database-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-database-service/rest-service/src/main/resources/application-local.yml
@@ -22,12 +22,24 @@ spring:
     name: database-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
   rabbitmq:
     host: localhost
     username: fda
     password: fda
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9092
+server:
+  port: 9092
+  ssl:
+    enabled: true
+    key-alias: database-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +47,11 @@ logging:
     at.tuwien.: info
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: database-service
+  instance:
+    hostname: database-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9092
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
   elastic:
diff --git a/fda-database-service/rest-service/src/main/resources/application.yml b/fda-database-service/rest-service/src/main/resources/application.yml
index 5fe3306acfb65381f970ac91842a50e77de95780..50c8c50bf95b60ccfd3cc18dc5aff4f65c02955c 100644
--- a/fda-database-service/rest-service/src/main/resources/application.yml
+++ b/fda-database-service/rest-service/src/main/resources/application.yml
@@ -27,7 +27,15 @@ spring:
     username: "${BROKER_USERNAME}"
     password: "${BROKER_PASSWORD}"
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9092
+server:
+  port: 9092
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: database-service
+  instance:
+    hostname: database-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9092
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   elastic:
diff --git a/fda-database-service/server.keystore b/fda-database-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-database-service/server.keystore differ
diff --git a/fda-discovery-service/rest-service/src/main/resources/application-docker.yml b/fda-discovery-service/rest-service/src/main/resources/application-insecure.yml
similarity index 71%
rename from fda-discovery-service/rest-service/src/main/resources/application-docker.yml
rename to fda-discovery-service/rest-service/src/main/resources/application-insecure.yml
index 967b742f9e3e7f4514211dd2971009dff253c04f..9d94a3e040753966791aaa6694298bfac2134d1c 100644
--- a/fda-discovery-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-discovery-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,8 +22,13 @@ spring:
     name: discovery-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9090
+server:
+  port: 9090
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,9 +36,14 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  eureka.client.register-with-eureka: false
-  eureka.client.fetch-registry: false
-  instance.hostname: discovery-service
-  client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
+  client:
+    register-with-eureka: false
+    fetch-registry: false
+    serviceUrl.defaultZone: http://discovery-service:9090/eureka/
+  instance:
+    hostname: discovery-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9090
 fda:
   ready.path: /ready
\ No newline at end of file
diff --git a/fda-discovery-service/rest-service/src/main/resources/application-local.yml b/fda-discovery-service/rest-service/src/main/resources/application-local.yml
index 6f14ec975a5770250ce8c8bb5f3ae385531a4c8e..0d81e2101e6f9d729aefe3d2213d9ca1a3006590 100644
--- a/fda-discovery-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-discovery-service/rest-service/src/main/resources/application-local.yml
@@ -22,8 +22,13 @@ spring:
     name: discovery-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9090
+server:
+  port: 9090
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,9 +36,14 @@ logging:
     at.tuwien.: info
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  eureka.client.register-with-eureka: false
-  eureka.client.fetch-registry: false
-  instance.hostname: discovery-service
-  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
+  client:
+    register-with-eureka: false
+    fetch-registry: false
+    serviceUrl.defaultZone: http://localhost:9090/eureka/
+  instance:
+    hostname: discovery-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9090
 fda:
   ready.path: ./ready
\ No newline at end of file
diff --git a/fda-discovery-service/rest-service/src/main/resources/application.yml b/fda-discovery-service/rest-service/src/main/resources/application.yml
index 23923e95375b0b47020eb8bc9e3a5c4eeace8e91..641d1a87a42dc371da51053ff98cce8041b86500 100644
--- a/fda-discovery-service/rest-service/src/main/resources/application.yml
+++ b/fda-discovery-service/rest-service/src/main/resources/application.yml
@@ -17,8 +17,11 @@ spring:
           time_zone: UTC
   application:
     name: discovery-service
+  cloud:
+    loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9090
+server:
+  port: 9090
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -26,9 +29,14 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  eureka.client.register-with-eureka: false
-  eureka.client.fetch-registry: false
-  instance.hostname: discovery-service
-  client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
+  client:
+    register-with-eureka: false
+    fetch-registry: false
+    serviceUrl.defaultZone: http://discovery-service:9090/eureka/
+  instance:
+    hostname: discovery-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9090
 fda:
   ready.path: /ready
\ No newline at end of file
diff --git a/fda-gateway-service/Dockerfile b/fda-gateway-service/Dockerfile
index a270239d58b0b4b44aefba904aa8d007fca8d720..ad6e477f6978e44b711cfc818221b793ee6fa55b 100644
--- a/fda-gateway-service/Dockerfile
+++ b/fda-gateway-service/Dockerfile
@@ -21,12 +21,15 @@ ENV METADATA_USERNAME=postgres
 ENV METADATA_PASSWORD=postgres
 ENV GATEWAY_ENDPOINT=http://gateway-service:9095
 ENV LOG_LEVEL=debug
-ENV KEY_ALIAS=server
+ENV KEY_ALIAS=gateway-service
 ENV KEY_PASS=password
 ENV KEY_STORE=/server.keystore
 ENV KEY_STORE_PASS=password
 
-COPY ./server.keystore /server.keystore
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-gateway-service/intermediate.crt b/fda-gateway-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-gateway-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-gateway-service/rest-service/src/main/resources/application-docker.yml b/fda-gateway-service/rest-service/src/main/resources/application-insecure.yml
similarity index 90%
rename from fda-gateway-service/rest-service/src/main/resources/application-docker.yml
rename to fda-gateway-service/rest-service/src/main/resources/application-insecure.yml
index b1eda86566fd3e7bfc350f2f730f3dd72965d776..05cba21093c6a1b964eadbaacc6dcc8515eb02d3 100644
--- a/fda-gateway-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-gateway-service/rest-service/src/main/resources/application-insecure.yml
@@ -43,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: discovery-service
+  instance:
+    hostname: discovery-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9095
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
\ No newline at end of file
diff --git a/fda-gateway-service/rest-service/src/main/resources/application-local.yml b/fda-gateway-service/rest-service/src/main/resources/application-local.yml
index ab294c2a578b643cb24002204804c6d3953b0b93..ffb8b7e672910d58ca291f7ff4cbdb9769da417b 100644
--- a/fda-gateway-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-gateway-service/rest-service/src/main/resources/application-local.yml
@@ -43,7 +43,11 @@ logging:
     at.tuwien.: info
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: gateway-service
-  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
+  instance:
+    hostname: gateway-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9095
+  client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: ./ready
\ No newline at end of file
diff --git a/fda-gateway-service/rest-service/src/main/resources/application.yml b/fda-gateway-service/rest-service/src/main/resources/application.yml
index 94983082cbc97883df236924c7bb61226f877aee..4139a81a84d83e8fc603d6cba7c2e582e009745b 100644
--- a/fda-gateway-service/rest-service/src/main/resources/application.yml
+++ b/fda-gateway-service/rest-service/src/main/resources/application.yml
@@ -19,11 +19,6 @@ spring:
     name: gateway-service
   cloud:
     loadbalancer.ribbon.enabled: false
-    gateway:
-      httpclient:
-        ssl:
-          useInsecureTrustManager: true
-springdoc.swagger-ui.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
 server:
   port: 9095
@@ -41,7 +36,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: discovery-service
+  instance:
+    hostname: gateway-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9095
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
\ No newline at end of file
diff --git a/fda-gateway-service/server.keystore b/fda-gateway-service/server.keystore
index 93e5c28b23293910dac23a3e974cb485524a3a17..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e 100644
Binary files a/fda-gateway-service/server.keystore and b/fda-gateway-service/server.keystore differ
diff --git a/fda-identifier-service/Dockerfile b/fda-identifier-service/Dockerfile
index 1d1d44e699773daca509fd60a34cab01fb0b886e..e0e06559c5cb3654cc300b2fa858f94dd46a27d8 100644
--- a/fda-identifier-service/Dockerfile
+++ b/fda-identifier-service/Dockerfile
@@ -32,6 +32,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
+ENV KEY_ALIAS=identifier-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-identifier-service/intermediate.crt b/fda-identifier-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-identifier-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml b/fda-identifier-service/rest-service/src/main/resources/application-insecure.yml
similarity index 75%
rename from fda-identifier-service/rest-service/src/main/resources/application-docker.yml
rename to fda-identifier-service/rest-service/src/main/resources/application-insecure.yml
index effdbdecf86f748ef83a0b9df79ac13229124755..3919219a351ffd523643d69a30385b2fb76afe15 100644
--- a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,8 +22,20 @@ spring:
     name: identifier-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9096
+server:
+  port: 9096
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: identifier-service
+  instance:
+    hostname: identifier-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9096
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
diff --git a/fda-identifier-service/rest-service/src/main/resources/application-local.yml b/fda-identifier-service/rest-service/src/main/resources/application-local.yml
index 6a7ec7b45465c35f08e03c4dd96b3cb2d90f0948..d508ce58c9b060e67bac314b9443af0e6a706307 100644
--- a/fda-identifier-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application-local.yml
@@ -22,7 +22,19 @@ spring:
     name: identifier-service
   cloud:
     loadbalancer.ribbon.enabled: false
-server.port: 9096
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
+server:
+  port: 9096
+  ssl:
+    enabled: true
+    key-alias: identifier-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,7 +43,11 @@ logging:
     at.tuwien.auth.UserPermissionEvaluator: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: identifier-service
+  instance:
+    hostname: identifier-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9096
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-identifier-service/rest-service/src/main/resources/application.yml b/fda-identifier-service/rest-service/src/main/resources/application.yml
index c94870bb525e18a83a51ad981afa9f1b36e0ce04..8e4ddd84d849c99fbca68e923d76dab65b9896bd 100644
--- a/fda-identifier-service/rest-service/src/main/resources/application.yml
+++ b/fda-identifier-service/rest-service/src/main/resources/application.yml
@@ -23,7 +23,15 @@ spring:
   cloud:
     loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9096
+server:
+  port: 9096
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,7 +39,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: identifier-service
+  instance:
+    hostname: identifier-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9096
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
diff --git a/fda-identifier-service/server.keystore b/fda-identifier-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-identifier-service/server.keystore differ
diff --git a/fda-metadata-service/Dockerfile b/fda-metadata-service/Dockerfile
index 274c810b3a8fcc727badc137e81800b2772489cd..ab91517a44f29aefabde0882317f5c4af6d3c8d0 100644
--- a/fda-metadata-service/Dockerfile
+++ b/fda-metadata-service/Dockerfile
@@ -33,6 +33,15 @@ ENV EARLIEST_DATESTAMP="2022-09-17T18:23:00Z"
 ENV DELETED_RECORD=persistent
 ENV GRANULARITY="YYYY-MM-DDThh:mm:ssZ"
 ENV LOG_LEVEL=debug
+ENV KEY_ALIAS=metadata-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-metadata-service/intermediate.crt b/fda-metadata-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-metadata-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-metadata-service/rest-service/src/main/resources/application-docker.yml b/fda-metadata-service/rest-service/src/main/resources/application-insecure.yml
similarity index 75%
rename from fda-metadata-service/rest-service/src/main/resources/application-docker.yml
rename to fda-metadata-service/rest-service/src/main/resources/application-insecure.yml
index c4910247cb201c0b3c967df7520c616105568c8b..e2c8e24b3f7a9b75f086ab9752ff0ae0cdc4af05 100644
--- a/fda-metadata-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-metadata-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,8 +22,20 @@ spring:
     name: metadata-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9099
+server:
+  port: 9099
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: metadata-service
+  instance:
+    hostname: metadata-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9099
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-metadata-service/rest-service/src/main/resources/application-local.yml b/fda-metadata-service/rest-service/src/main/resources/application-local.yml
index 821d504e9c65d247ff9499fa69cf548d2b584bb7..f50a1d555e2df503752e2fe6f2e347eceaa65539 100644
--- a/fda-metadata-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-metadata-service/rest-service/src/main/resources/application-local.yml
@@ -2,7 +2,7 @@ app.version: '@project.version@'
 spring:
   main.banner-mode: off
   datasource:
-    url: jdbc:mariadb://metadata-db:3306/fda
+    url: jdbc:mariadb://localhost:3306/fda
     driver-class-name: org.mariadb.jdbc.Driver
     username: root
     password: dbrepo
@@ -22,8 +22,20 @@ spring:
     name: metadata-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9099
+server:
+  port: 9099
+  ssl:
+    enabled: true
+    key-alias: metadata-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,7 +43,11 @@ logging:
     at.tuwien.: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: metadata-service
+  instance:
+    hostname: metadata-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9099
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-metadata-service/rest-service/src/main/resources/application.yml b/fda-metadata-service/rest-service/src/main/resources/application.yml
index 7e02fcd5d1c40b757ed9c1ca59d85c9d6fbc6340..c83d16237a1572dfc21ad30b55b8e4ecbf747921 100644
--- a/fda-metadata-service/rest-service/src/main/resources/application.yml
+++ b/fda-metadata-service/rest-service/src/main/resources/application.yml
@@ -27,7 +27,15 @@ spring:
   cloud:
     loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9099
+server:
+  port: 9099
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: metadata-service
+  instance:
+    hostname: metadata-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9099
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-metadata-service/server.keystore b/fda-metadata-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-metadata-service/server.keystore differ
diff --git a/fda-query-service/Dockerfile b/fda-query-service/Dockerfile
index 75b10b84358d279a493ebff048fdcbbf29714c8e..b569cd934bb74f6a8bc141e42d398eadff9ae66d 100644
--- a/fda-query-service/Dockerfile
+++ b/fda-query-service/Dockerfile
@@ -36,6 +36,15 @@ ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
 ENV NOT_SUPPORTED_KEYWORDS=\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,--
+ENV KEY_ALIAS=query-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-query-service/intermediate.crt b/fda-query-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-query-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-query-service/rest-service/src/main/resources/application-docker.yml b/fda-query-service/rest-service/src/main/resources/application-insecure.yml
similarity index 77%
rename from fda-query-service/rest-service/src/main/resources/application-docker.yml
rename to fda-query-service/rest-service/src/main/resources/application-insecure.yml
index af01aef8848883339087020d716790a5e0faaf54..7aee796534edcd986653692bd66447e73e301a76 100644
--- a/fda-query-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-query-service/rest-service/src/main/resources/application-insecure.yml
@@ -26,8 +26,20 @@ spring:
     password: fda
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9093
+server:
+  port: 9093
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +47,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: query-service
+  instance:
+    hostname: query-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9093
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   gateway.endpoint: "${GATEWAY_ENDPOINT}"
diff --git a/fda-query-service/rest-service/src/main/resources/application-local.yml b/fda-query-service/rest-service/src/main/resources/application-local.yml
index 2efc331ed92353ea1440cfc018a0cbd9d2ccc689..ac83fc07bb0fbc6260338c3ee1b8591a444a950b 100644
--- a/fda-query-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-query-service/rest-service/src/main/resources/application-local.yml
@@ -26,8 +26,20 @@ spring:
     password: fda
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9093
+server:
+  port: 9093
+  ssl:
+    enabled: true
+    key-alias: query-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,8 +47,12 @@ logging:
     at.tuwien.: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: query-service
-  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
+  instance:
+    hostname: query-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9093
+  client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   gateway.endpoint: http://localhost:9095
   ready.path: ./ready
diff --git a/fda-query-service/rest-service/src/main/resources/application.yml b/fda-query-service/rest-service/src/main/resources/application.yml
index 5fa2c15377451daa437fa5ca0c1f21417467d4a0..852aa812c533881a4a19132e8385e63986bde698 100644
--- a/fda-query-service/rest-service/src/main/resources/application.yml
+++ b/fda-query-service/rest-service/src/main/resources/application.yml
@@ -27,7 +27,15 @@ spring:
   cloud:
     loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9093
+server:
+  port: 9093
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: query-service
+  instance:
+    hostname: query-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9093
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   gateway.endpoint: "${GATEWAY_ENDPOINT}"
diff --git a/fda-query-service/server.keystore b/fda-query-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-query-service/server.keystore differ
diff --git a/fda-table-service/Dockerfile b/fda-table-service/Dockerfile
index 95f2ddbb34ab85f9ceada45f408fea52cb618c26..7a98bac0c9e93805498802fdb4247826f830c0a6 100644
--- a/fda-table-service/Dockerfile
+++ b/fda-table-service/Dockerfile
@@ -33,6 +33,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
+ENV KEY_ALIAS=table-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
diff --git a/fda-table-service/intermediate.crt b/fda-table-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-table-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-table-service/rest-service/src/main/resources/application-docker.yml b/fda-table-service/rest-service/src/main/resources/application-docker.yml
index 2bb58074adc7189b70e92299f7479280a411dd47..63633fa2b7bd36f096e28dd8bfbb51abcb58c3a1 100644
--- a/fda-table-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-table-service/rest-service/src/main/resources/application-docker.yml
@@ -26,8 +26,20 @@ spring:
     password: fda
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9094
+server:
+  port: 9094
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +47,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: table-service
+  instance:
+    hostname: table-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9094
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
diff --git a/fda-table-service/rest-service/src/main/resources/application-local.yml b/fda-table-service/rest-service/src/main/resources/application-local.yml
index c0fd28220a6cbfb95a6cf156e027689ed67b6e9b..3ee0f5dca9139dd26a1205f8974512379937cffe 100644
--- a/fda-table-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-table-service/rest-service/src/main/resources/application-local.yml
@@ -26,8 +26,20 @@ spring:
     password: fda
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9094
+server:
+  port: 9094
+  ssl:
+    enabled: true
+    key-alias: table-service
+    key-store: ./server.keystore
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +47,11 @@ logging:
     at.tuwien.: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: table-service
+  instance:
+    hostname: table-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9094
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-table-service/rest-service/src/main/resources/application.yml b/fda-table-service/rest-service/src/main/resources/application.yml
index 93de3e69e5a1b46ae72b4ad12886200aca3ad46c..7fcf0b41e2b3aa7f41fe8a9a481b51ca7bed2d6c 100644
--- a/fda-table-service/rest-service/src/main/resources/application.yml
+++ b/fda-table-service/rest-service/src/main/resources/application.yml
@@ -27,7 +27,15 @@ spring:
   cloud:
     loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9094
+server:
+  port: 9094
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -35,7 +43,11 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: table-service
+  instance:
+    hostname: table-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9094
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: ./ready
diff --git a/fda-table-service/server.keystore b/fda-table-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-table-service/server.keystore differ
diff --git a/fda-user-service/Dockerfile b/fda-user-service/Dockerfile
index a772cacf6ff3420cd7568106ee27c38a346285bb..678b956ca504fb246d735a87d8f89433f4c9eb47 100644
--- a/fda-user-service/Dockerfile
+++ b/fda-user-service/Dockerfile
@@ -24,14 +24,25 @@ FROM openjdk:11-jre-slim as runtime
 ENV METADATA_DB=fda
 ENV METADATA_USERNAME=root
 ENV METADATA_PASSWORD=dbrepo
-ENV GATEWAY_ENDPOINT=http://gateway-service:9095
+ENV GATEWAY_ENDPOINT=https://gateway-service:9095
 ENV KEYCLOAK_ADMIN=fda
 ENV KEYCLOAK_ADMIN_PASSWORD=fda
-ENV LOG_LEVEL=debug
 ENV DBREPO_CLIENT_SECRET=client-secret
 ENV CLIENT_ID=dbrepo-client
 ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo
 ENV JWT_PUBKEY=public-key
+ENV LOG_LEVEL=debug
+ENV KEY_ALIAS=user-service
+ENV KEY_PASS=password
+ENV KEY_STORE=./server.keystore
+ENV KEY_STORE_PASS=password
+
+WORKDIR /app
+
+COPY ./server.keystore ./server.keystore
+COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt
+
+RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt
 
 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready
@@ -42,4 +53,4 @@ COPY --from=build ./rest-service/target/rest-service-*.jar ./user-service.jar
 
 EXPOSE 9093
 
-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./user-service.jar"]
+ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-Djavax.net.ssl.trustStore=/app/server.keystore", "-Djavax.net.ssl.trustStorePassword=password", "-jar", "./user-service.jar"]
diff --git a/fda-user-service/intermediate.crt b/fda-user-service/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/fda-user-service/intermediate.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
+b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG
+EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
+Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
+HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
+x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
+zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
+UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
+YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
+jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
+MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0
+PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i
+zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ
+/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3
+8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD
+c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z
+U/v3rj9nHwAoTytU
+-----END CERTIFICATE-----
diff --git a/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java b/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
index 20c41199280f2df5ac0bee8385707cc46bf0634a..8bdb18dc09783d6ac2be5882629f353caf27b367 100644
--- a/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
+++ b/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java
@@ -2,7 +2,6 @@ package at.tuwien.endpoint;
 
 import at.tuwien.api.auth.SignupRequestDto;
 import at.tuwien.api.user.UserBriefDto;
-import at.tuwien.exception.RealmNotFoundException;
 import at.tuwien.exception.RemoteUnavailableException;
 import at.tuwien.exception.UserNotFoundException;
 import at.tuwien.mapper.UserMapper;
@@ -15,6 +14,8 @@ import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
+import javax.validation.Valid;
+import javax.validation.constraints.NotNull;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -51,8 +52,8 @@ public class UserEndpoint {
     @Transactional
     @Timed(value = "user.create", description = "Time needed to create a user in the metadata database")
     @Operation(summary = "Create a user")
-    public ResponseEntity<?> create(SignupRequestDto data) throws RealmNotFoundException, UserNotFoundException,
-            RemoteUnavailableException {
+    public ResponseEntity<UserBriefDto> create(@NotNull @Valid @RequestBody SignupRequestDto data)
+            throws UserNotFoundException, RemoteUnavailableException {
         log.debug("endpoint create a user, data={}", data);
         final UserBriefDto dto = userMapper.userToUserBriefDto(userService.create(data));
         log.trace("create user resulted in dto {}", dto);
diff --git a/fda-user-service/rest-service/src/main/resources/application-docker.yml b/fda-user-service/rest-service/src/main/resources/application-insecure.yml
similarity index 74%
rename from fda-user-service/rest-service/src/main/resources/application-docker.yml
rename to fda-user-service/rest-service/src/main/resources/application-insecure.yml
index 486101dd8e32882c69e4066d1911a030e07be3ce..157eb96a16d469c7ecdeaf814cfdf55e74c2f156 100644
--- a/fda-user-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-user-service/rest-service/src/main/resources/application-insecure.yml
@@ -22,8 +22,20 @@ spring:
     name: user-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9098
+server:
+  port: 9098
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,13 +43,16 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: user-service
+  instance:
+    hostname: user-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9098
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
   gateway.endpoint: "${GATEWAY_ENDPOINT}"
   keycloak:
-    endpoint: https://authentication-service:8443/
     username: "${KEYCLOAK_ADMIN}"
     password: "${KEYCLOAK_ADMIN_PASSWORD}"
   jwt:
diff --git a/fda-user-service/rest-service/src/main/resources/application-local.yml b/fda-user-service/rest-service/src/main/resources/application-local.yml
index c6ac95610eda5541b3765e8e5ca10939c1b53294..29e2dddbdfa32c50ab327bc3bc2fb1128d920a79 100644
--- a/fda-user-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-user-service/rest-service/src/main/resources/application-local.yml
@@ -22,8 +22,20 @@ spring:
     name: user-service
   cloud:
     loadbalancer.ribbon.enabled: false
+    gateway:
+      httpclient:
+        ssl:
+          useInsecureTrustManager: true
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9098
+server:
+  port: 9098
+  ssl:
+    enabled: true
+    key-alias: server
+    key-store: "./server.keystore"
+    key-store-type: jks
+    key-store-password: password
+    key-password: password
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,13 +43,16 @@ logging:
     at.tuwien.: trace
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: user-service
-  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
+  instance:
+    hostname: user-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9098
+  client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: ./ready
-  gateway.endpoint: http://localhost:9095
+  gateway.endpoint: https://localhost:9095
   keycloak:
-    endpoint: https://localhost:8443/
     username: fda
     password: fda
   jwt:
diff --git a/fda-user-service/rest-service/src/main/resources/application.yml b/fda-user-service/rest-service/src/main/resources/application.yml
index 5f93e7a6182e1972a150ad884e9385752b4c8c0d..a2748c511ba89492d50c0c69552762581519e16d 100644
--- a/fda-user-service/rest-service/src/main/resources/application.yml
+++ b/fda-user-service/rest-service/src/main/resources/application.yml
@@ -23,7 +23,15 @@ spring:
   cloud:
     loadbalancer.ribbon.enabled: false
 management.endpoints.web.exposure.include: health,info,prometheus
-server.port: 9098
+server:
+  port: 9098
+  ssl:
+    enabled: true
+    key-alias: "${KEY_ALIAS}"
+    key-store: "${KEY_STORE}"
+    key-store-type: jks
+    key-store-password: "${KEY_STORE_PASS}"
+    key-password: "${KEY_PASS}"
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -31,13 +39,16 @@ logging:
     at.tuwien.: "${LOG_LEVEL}"
     org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug
 eureka:
-  instance.hostname: user-service
+  instance:
+    hostname: user-service
+    non-secure-port-enabled: false
+    secure-port-enabled: true
+    secure-port: 9098
   client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/
 fda:
   ready.path: /ready
   gateway.endpoint: "${GATEWAY_ENDPOINT}"
   keycloak:
-    endpoint: https://authentication-service:8443/
     username: "${KEYCLOAK_ADMIN}"
     password: "${KEYCLOAK_ADMIN_PASSWORD}"
   jwt:
diff --git a/fda-user-service/server.keystore b/fda-user-service/server.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e
Binary files /dev/null and b/fda-user-service/server.keystore differ
diff --git a/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java b/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
index 540b5d96f4e750a5fdea93f0d2da7a46e7c5c44c..fa6ef35e180a6f4ed99b90269cdb4f1364cdeec0 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
@@ -14,9 +14,6 @@ public class GatewayConfig {
     @Value("${fda.gateway.endpoint}")
     private String gatewayEndpoint;
 
-    @Value("${fda.keycloak.endpoint}")
-    private String keycloakEndpoint;
-
     @Value("${fda.keycloak.username}")
     private String keycloakUsername;
 
@@ -24,17 +21,9 @@ public class GatewayConfig {
     private String keycloakPassword;
 
     @Bean
-    public RestTemplate gatewayRestTemplate() {
+    public RestTemplate restTemplate() {
         final RestTemplate restTemplate =  new RestTemplate();
         restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint));
         return restTemplate;
     }
-
-    @Bean
-    public RestTemplate keycloakRestTemplate() {
-        final RestTemplate restTemplate =  new RestTemplate();
-        restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(keycloakEndpoint));
-        return restTemplate;
-    }
-
 }
diff --git a/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java b/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java
index 388480c9be24fb50e83699c7fd2f1a92bd39f8d5..2250fa50884df3f47b0b063975aea74f06203f80 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java
@@ -1,10 +1,7 @@
 package at.tuwien.config;
 
-import at.tuwien.exception.RealmNotFoundException;
-import at.tuwien.service.RealmService;
 import com.google.common.io.Files;
 import lombok.extern.log4j.Log4j2;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.event.ApplicationReadyEvent;
 import org.springframework.context.annotation.Configuration;
@@ -20,16 +17,8 @@ public class ReadyConfig {
     @Value("${fda.ready.path}")
     private String readyPath;
 
-    private final RealmService realmService;
-
-    @Autowired
-    public ReadyConfig(RealmService realmService) {
-        this.realmService = realmService;
-    }
-
     @EventListener(ApplicationReadyEvent.class)
-    public void init() throws IOException, RealmNotFoundException {
-        realmService.update("master");
+    public void init() throws IOException {
         Files.touch(new File(readyPath));
     }
 
diff --git a/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java b/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java
deleted file mode 100644
index 1750cfb525c2947f8f13837b5e89ed7ddc46f8fd..0000000000000000000000000000000000000000
--- a/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package at.tuwien.exception;
-
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-@ResponseStatus(code = HttpStatus.NOT_FOUND)
-public class RealmNotFoundException extends Exception {
-
-    public RealmNotFoundException(String msg) {
-        super(msg);
-    }
-
-    public RealmNotFoundException(String msg, Throwable thr) {
-        super(msg, thr);
-    }
-
-    public RealmNotFoundException(Throwable thr) {
-        super(thr);
-    }
-
-}
diff --git a/fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java b/fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java
similarity index 86%
rename from fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java
rename to fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java
index 3d41955d06f05e0897e2bc27db4c784ed6ad3b86..2338d4091ef411be172aceae0288e231480d9430 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java
@@ -4,7 +4,7 @@ import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.auth.TokenDto;
 import at.tuwien.exception.RemoteUnavailableException;
 
-public interface AuthenticationServiceGateway {
+public interface GatewayServiceGateway {
     TokenDto getToken() throws RemoteUnavailableException;
 
     void createUser(String token, CreateUserDto data) throws RemoteUnavailableException;
diff --git a/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java b/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java
similarity index 84%
rename from fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java
rename to fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java
index 19e2544e29a596e34296cb6179c29e3f0443783c..159a07460d68f86fadb2227fefbece480a2921e7 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java
@@ -4,10 +4,9 @@ import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.auth.TokenDto;
 import at.tuwien.config.GatewayConfig;
 import at.tuwien.exception.RemoteUnavailableException;
-import at.tuwien.gateway.AuthenticationServiceGateway;
+import at.tuwien.gateway.GatewayServiceGateway;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.*;
 import org.springframework.stereotype.Service;
 import org.springframework.util.LinkedMultiValueMap;
@@ -18,14 +17,14 @@ import org.springframework.web.client.RestTemplate;
 
 @Log4j2
 @Service
-public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGateway {
+public class GatewayServiceGatewayImpl implements GatewayServiceGateway {
 
     private final RestTemplate restTemplate;
     private final GatewayConfig gatewayConfig;
 
     @Autowired
-    public AuthenticationServiceGatewayImpl(@Qualifier("keycloakRestTemplate") RestTemplate restTemplate,
-                                            GatewayConfig gatewayConfig) {
+    public GatewayServiceGatewayImpl(RestTemplate restTemplate,
+                                     GatewayConfig gatewayConfig) {
         this.restTemplate = restTemplate;
         this.gatewayConfig = gatewayConfig;
     }
@@ -39,7 +38,7 @@ public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGa
         payload.add("password", gatewayConfig.getKeycloakPassword());
         payload.add("grant_type", "password");
         payload.add("client_id", "admin-cli");
-        final String url = "/realms/master/protocol/openid-connect/token";
+        final String url = "/api/auth/realms/master/protocol/openid-connect/token";
         log.debug("call authentication service {}", url);
         final ResponseEntity<TokenDto> response;
         try {
@@ -63,7 +62,7 @@ public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGa
         headers.add("Authorization", "Bearer: " + token);
         final ResponseEntity<Void> response;
         try {
-            response = restTemplate.exchange("/admin/realms/dbrepo/users", HttpMethod.POST, new HttpEntity<>(data, headers), Void.class);
+            response = restTemplate.exchange("/api/auth/admin/realms/dbrepo/users", HttpMethod.POST, new HttpEntity<>(data, headers), Void.class);
         } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) {
             log.error("Failed to create user: {}", e.getMessage());
             throw new RemoteUnavailableException("Failed to create user", e);
diff --git a/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java b/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java
deleted file mode 100644
index db0443c0a78c3c8c2d653edf15901c9a3f2e4686..0000000000000000000000000000000000000000
--- a/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package at.tuwien.repository.jpa;
-
-import at.tuwien.entities.auth.Realm;
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.stereotype.Repository;
-
-import java.util.Optional;
-
-@Repository
-public interface RealmRepository extends JpaRepository<Realm, String> {
-
-    Optional<Realm> findByName(String name);
-
-}
diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java b/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java
deleted file mode 100644
index fc3f15f2880c009c9cbbbe034f36e7ac5fbbd6ae..0000000000000000000000000000000000000000
--- a/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java
+++ /dev/null
@@ -1,10 +0,0 @@
-package at.tuwien.service;
-
-import at.tuwien.entities.auth.Realm;
-import at.tuwien.exception.RealmNotFoundException;
-
-public interface RealmService {
-    Realm find(String name) throws RealmNotFoundException;
-
-    Realm update(String name) throws RealmNotFoundException;
-}
diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java b/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java
index abf06036cb4eac51fe001e25e938dc90f8b5bf99..a44429ae15846283fe9a6efca7a7cb5a6856c342 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java
@@ -1,13 +1,10 @@
 package at.tuwien.service;
 
 import at.tuwien.api.auth.SignupRequestDto;
-import at.tuwien.entities.container.Container;
 import at.tuwien.entities.user.User;
-import at.tuwien.exception.RealmNotFoundException;
 import at.tuwien.exception.RemoteUnavailableException;
 import at.tuwien.exception.UserNotFoundException;
 
-import java.security.Principal;
 import java.util.List;
 
 public interface UserService {
@@ -28,7 +25,15 @@ public interface UserService {
      */
     User findByUsername(String username) throws UserNotFoundException;
 
-    User create(SignupRequestDto data) throws RealmNotFoundException, RemoteUnavailableException, UserNotFoundException;
+    /**
+     * Create a user in the authentication service.
+     *
+     * @param data The user data.
+     * @return The user, if successful.
+     * @throws RemoteUnavailableException
+     * @throws UserNotFoundException
+     */
+    User create(SignupRequestDto data) throws RemoteUnavailableException, UserNotFoundException;
 
     /**
      * Finds a user by id.
diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java b/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java
deleted file mode 100644
index 249876f68dd6d70830025e69f3c93b4e57d5e09a..0000000000000000000000000000000000000000
--- a/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package at.tuwien.service.impl;
-
-import at.tuwien.entities.auth.Realm;
-import at.tuwien.exception.RealmNotFoundException;
-import at.tuwien.repository.jpa.RealmRepository;
-import at.tuwien.service.RealmService;
-import lombok.extern.log4j.Log4j2;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.util.Optional;
-
-@Log4j2
-@Service
-public class RealmServiceImpl implements RealmService {
-
-    final RealmRepository realmRepository;
-
-    @Autowired
-    public RealmServiceImpl(RealmRepository realmRepository) {
-        this.realmRepository = realmRepository;
-    }
-
-    @Override
-    public Realm find(String name) throws RealmNotFoundException {
-        final Optional<Realm> optional = realmRepository.findByName(name);
-        if (optional.isEmpty()) {
-            log.error("Failed to find realm with name '{}'", name);
-            throw new RealmNotFoundException("Failed to find realm");
-        }
-        return optional.get();
-    }
-
-    @Override
-    public Realm update(String name) throws RealmNotFoundException {
-        final Realm realm = find("master");
-        realm.setSslRequired("NONE");
-        final Realm entity = realmRepository.save(realm);
-        log.info("Disabled SSL for realm with name '{}'", name);
-        return entity;
-    }
-
-}
diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java b/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
index 50bbea2634ad74620f38e0edd15fa130f63033be..177ce3f4534b1853647f6f4fd1db510bfaf5a768 100644
--- a/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
+++ b/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
@@ -4,10 +4,9 @@ import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.auth.SignupRequestDto;
 import at.tuwien.api.auth.TokenDto;
 import at.tuwien.entities.user.User;
-import at.tuwien.exception.RealmNotFoundException;
 import at.tuwien.exception.RemoteUnavailableException;
 import at.tuwien.exception.UserNotFoundException;
-import at.tuwien.gateway.AuthenticationServiceGateway;
+import at.tuwien.gateway.GatewayServiceGateway;
 import at.tuwien.mapper.UserMapper;
 import at.tuwien.repository.jpa.UserRepository;
 import at.tuwien.service.UserService;
@@ -24,11 +23,11 @@ public class UserServiceImpl implements UserService {
 
     private final UserMapper userMapper;
     private final UserRepository userRepository;
-    private final AuthenticationServiceGateway authenticationServiceGateway;
+    private final GatewayServiceGateway authenticationServiceGateway;
 
     @Autowired
     public UserServiceImpl(UserMapper userMapper, UserRepository userRepository,
-                           AuthenticationServiceGateway authenticationServiceGateway) {
+                           GatewayServiceGateway authenticationServiceGateway) {
         this.userMapper = userMapper;
         this.userRepository = userRepository;
         this.authenticationServiceGateway = authenticationServiceGateway;
@@ -50,8 +49,7 @@ public class UserServiceImpl implements UserService {
     }
 
     @Override
-    public User create(SignupRequestDto data) throws RealmNotFoundException, RemoteUnavailableException,
-            UserNotFoundException {
+    public User create(SignupRequestDto data) throws RemoteUnavailableException, UserNotFoundException {
         final TokenDto dto = authenticationServiceGateway.getToken();
         log.debug("obtained authentication token");
         final CreateUserDto userDto = userMapper.signupRequestDtoToCreateUserDto(data);