diff --git a/.gitignore b/.gitignore
index 82d30cc..dd89203 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 
 node_modules/
+*.pem
diff --git a/README.md b/README.md
index a2e83ad..7147bc8 100644
--- a/README.md
+++ b/README.md
@@ -2,10 +2,17 @@
 # Socket.IO Fiddle
 
 ```
+$ sh generate.sh # create self-signed keys for server-ssl.js and client-ssl.js
 $ npm install
-$ npm start # run the server
+$ npm start # run the server or optionally npm run server
 $ npm run client # run the nodejs client
+$ npm run serverssl # run the server-ssl
+$ npm run clientssl # run the nodejs client-ssl
 ```
 
-And point your browser to `http://localhost:3000`. Optionally, specify
-a port by supplying the `PORT` env variable.
+And point your browser to either `http://localhost:3000` or `https://localhost:3000` depending on which server is running.
+Optionally, specify a port by supplying the `PORT` env variable.
+
+You will have to accept the self-signed warning. Older versions of node are known to have issues. This is a way to test your version of node.
+
+**Known versions to work with SSL/TLS: v8.1.3 -- expect newest versions of v6 and v4 to also work (untested)!**
diff --git a/client-ssl.js b/client-ssl.js
new file mode 100644
index 0000000..5677731
--- /dev/null
+++ b/client-ssl.js
@@ -0,0 +1,20 @@
+
+// for the following to work, you'll have to answer "localhost" at the Common Name question when running generate.sh
+// > Common Name (e.g. server FQDN or YOUR name) []:localhost
+const fs = require('fs');
+const socket = require('socket.io-client')('https://localhost:3000', {
+  rejectUnauthorized: true, // default value
+  ca: fs.readFileSync('./cert.pem')
+});
+
+// USE WITH CAUTION! The following disables the validation of the server's identity
+// see https://nodejs.org/docs/latest/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
+// const socket = require('socket.io-client')('https://localhost:3000', {
+//   rejectUnauthorized: false
+// });
+
+socket.on('connect', onConnect);
+
+function onConnect(){
+  console.log('connect ' + socket.id);
+}
diff --git a/generate.sh b/generate.sh
new file mode 100755
index 0000000..14b8b73
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "You can optionally answer the question, or 'enter' for defaults: (recommend setting common name to localhost)"
+openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -out cert.pem
diff --git a/package.json b/package.json
index ab1fe24..a1b2933 100644
--- a/package.json
+++ b/package.json
@@ -11,6 +11,9 @@
   },
   "scripts": {
     "start": "node server.js",
+    "serverssl": "node server-ssl.js",
+    "clientssl": "node client-ssl.js",
+    "server": "node server.js",
     "client": "node client.js"
   }
 }
diff --git a/server-ssl.js b/server-ssl.js
new file mode 100644
index 0000000..76dc020
--- /dev/null
+++ b/server-ssl.js
@@ -0,0 +1,21 @@
+
+const express = require('express');
+const app = express();
+const fs = require('fs');
+const server = require('https').createServer({
+  key: fs.readFileSync('./key.pem'),
+  cert: fs.readFileSync('./cert.pem'),
+}, app);
+const io = require('socket.io')(server);
+const port = process.env.PORT || 3000;
+
+app.use(express.static(__dirname + '/public'));
+
+io.on('connect', onConnect);
+server.listen(port, () => console.log('server listening on port ' + port));
+
+function onConnect(socket){
+  console.log('connect ' + socket.id);
+
+  socket.on('disconnect', () => console.log('disconnect ' + socket.id));
+}