diff --git a/app/views/js/_websocket_js.haml b/app/views/js/_websocket_js.haml
index 211b2033f..4e4d26170 100644
--- a/app/views/js/_websocket_js.haml
+++ b/app/views/js/_websocket_js.haml
@@ -8,9 +8,9 @@
   $(document).ready(function(){
     function debug(str){ $("#debug").append("<p>" +  str); };
 
-    ws = new WebSocket("ws://#{request.host}:#{APP_CONFIG[:socket_port]}/");
+    ws = new WebSocket("#{(APP_CONFIG[:socket_secure])?'wss':'ws'}://#{request.host}:#{APP_CONFIG[:socket_port]}/");
 
-  //Attach onmessage to websocket
+    //Attach onmessage to websocket
     ws.onmessage = function(evt) {
       var obj = jQuery.parseJSON(evt.data);
 
diff --git a/config/app_config.yml.example b/config/app_config.yml.example
index 3e9016a7f..5a1edffb9 100644
--- a/config/app_config.yml.example
+++ b/config/app_config.yml.example
@@ -28,6 +28,12 @@ default:
   socket_port: 8080
   socket_collection_name: 'websocket'
 
+  # Secure websocket confguration (wss://)
+  # requires SSL cert and key
+  socket_secure: false
+  socket_private_key_location: '/full/path/to/file.key'
+  socket_cert_chain_location: '/full/path/to/cert_chain.crt'
+
   # Diaspora is only tested against this default pubsub server.
   pubsub_server: 'https://pubsubhubbub.appspot.com/'
 
diff --git a/script/websocket_server.rb b/script/websocket_server.rb
index f8ea6d561..129d97779 100644
--- a/script/websocket_server.rb
+++ b/script/websocket_server.rb
@@ -45,10 +45,20 @@ begin
   EM.run {
     Diaspora::WebSocket.initialize_channels
 
-    EventMachine::WebSocket.start(
-                  :host => APP_CONFIG[:socket_host],
-                  :port => APP_CONFIG[:socket_port],
-                  :debug =>APP_CONFIG[:socket_debug]) do |ws|
+    socket_params = { :host => APP_CONFIG[:socket_host],
+                      :port => APP_CONFIG[:socket_port],
+                      :debug =>APP_CONFIG[:socket_debug] }
+
+    if APP_CONFIG[:socket_secure] && APP_CONFIG[:socket_private_key_location] && APP_CONFIG[:socket_cert_chain_location]
+      socket_params[:secure] = true;
+      socket_params[:tls_options] = {
+                    :private_key_file => APP_CONFIG[:socket_private_key_location],
+                    :cert_chain_file  => APP_CONFIG[:socket_cert_chain_location]
+      }
+    end
+    
+    EventMachine::WebSocket.start( socket_params ) do |ws|
+
       ws.onopen {
         begin
           debug_pp ws.request