diff --git a/ncac/centos7/setup.sh b/ncac/centos7/setup.sh
index 070d2ce..b727b73 100644
--- a/ncac/centos7/setup.sh
+++ b/ncac/centos7/setup.sh
@@ -142,7 +142,11 @@ installNewCAC(){
     cp package/${APP_NAME}.jar ${CAC_DIR}/
     unzip -q package/static.zip -d ${CAC_DIR}/
     cp package/cac.conf ${BASE_DIR}/conf/
-    sed -i 's#/home/xydl/ncac#'${CAC_DIR}'#g' ${BASE_DIR}/conf/cac.conf
+    cp package/cac-ssl.conf ${BASE_DIR}/conf/
+    cp package/ca.prikey ${BASE_DIR}/cert/
+    cp package/ca.cert ${BASE_DIR}/cert/
+    sed -i 's#/home/xydl#'${BASE_DIR}'#g' ${BASE_DIR}/conf/cac.conf
+    sed -i 's#/home/xydl#'${BASE_DIR}'#g' ${BASE_DIR}/conf/cac-ssl.conf
     echo ${CAC_DIR}" installed."
     unzip -qj package/${APP_NAME}.jar BOOT-INF/classes/application-prod.yml -d ${CAC_DIR}/config
     sleep 1
@@ -318,6 +322,7 @@ CAC_DIR=${BASE_DIR}/ncac
 mkdir -p ${BIN_DIR}
 mkdir -p ${CAC_DIR}
 mkdir -p ${BASE_DIR}/conf
+mkdir -p ${BASE_DIR}/cert
 if [ ! -e "/etc/rc.d/rc.local" ]; then
     cp package/rc.local /etc/rc.d/
 fi
diff --git a/ncac/package/ca.cert b/ncac/package/ca.cert
new file mode 100644
index 0000000..70be7e6
--- /dev/null
+++ b/ncac/package/ca.cert
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjmgAwIBAgIJAIneB1zROoZFMA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV
+BAYTAkNOMQswCQYDVQQHDAJTSDEVMBMGA1UECgwMWGluWWluZ1Bvd2VyMQwwCgYD
+VQQDDANDQUMwHhcNMjQxMTI1MDIyNTUwWhcNMzQxMTIzMDIyNTUwWjA/MQswCQYD
+VQQGEwJDTjELMAkGA1UEBwwCU0gxFTATBgNVBAoMDFhpbllpbmdQb3dlcjEMMAoG
+A1UEAwwDQ0FDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYAMPDBk
+mXNNqdO1EPj54QF1ew/3X/4RkTLjicNp+aa4N0+3dsMi15onw1+YX6cTvHek53Qh
+R8A6oFM2ZrCuLS1WQUk1kmXE6xmEVpBTAL/1Z3zLx5wECifbhZ+VgOYI6WJLwxdV
+k4osLj6+vNGK5prqWcxkFxE2nepV56PU34XV2bR0wGylINsrzWIvpL4izN13tN72
+dwYsxwa36xVLlsmT6s+Z06JxR9DlJhu43MJyM37zahWZfMN91F78lP2xOuKN57EC
+rQYypT/KnVLyZWmJh//GuqYWWgBxPFCxy/wR0+D2oMv+w3OPzaTK61baV122/tvc
+12TGvOfU+uTECwIDAQABo1AwTjAdBgNVHQ4EFgQUWmxta9knf2xUkNarEMySmeSY
+w1cwHwYDVR0jBBgwFoAUWmxta9knf2xUkNarEMySmeSYw1cwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAC8OLL2+jR6iVZvOS6Xp8d4OOMScle4L4D51c
+7ZbSKtKeWghsFJ5z9C6jnjER+WrhP73M5OwpPvTEoDVMgXTq3pZX6/G4sGjeovYa
+aPC+lWoTSFUAz1r25dk16e+KMPdPEufeVzrRTmhfvmaDG9Xhcq+DO9fG2j86H7zO
+oDLktLPBl3beV0co9pCXx3M/wgPyLaU2ILWrkESMtudQPsQ4CxMO4Mt6QwCGNmr7
+IWMipYrJrmhGcJs4Ga6QJGBr7g/aiCzj5+c0O6qIIIuOz4s7OVgrMYWii7DHKqsM
+sMIom2Ow68xCVZfRX+DBW69VNHA6rqyANho26cVqoyvjeySEQQ==
+-----END CERTIFICATE-----
diff --git a/ncac/package/ca.prikey b/ncac/package/ca.prikey
new file mode 100644
index 0000000..de1b02c
--- /dev/null
+++ b/ncac/package/ca.prikey
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAtYAMPDBkmXNNqdO1EPj54QF1ew/3X/4RkTLjicNp+aa4N0+3
+dsMi15onw1+YX6cTvHek53QhR8A6oFM2ZrCuLS1WQUk1kmXE6xmEVpBTAL/1Z3zL
+x5wECifbhZ+VgOYI6WJLwxdVk4osLj6+vNGK5prqWcxkFxE2nepV56PU34XV2bR0
+wGylINsrzWIvpL4izN13tN72dwYsxwa36xVLlsmT6s+Z06JxR9DlJhu43MJyM37z
+ahWZfMN91F78lP2xOuKN57ECrQYypT/KnVLyZWmJh//GuqYWWgBxPFCxy/wR0+D2
+oMv+w3OPzaTK61baV122/tvc12TGvOfU+uTECwIDAQABAoIBABlhv9RG/DqNamX+
+ikrGVsOFnbVJBVIySKiikjl4z4AvNYHerwx3u46lKzxiSP/PcK4hmTkY/3J2SnyT
+Rn9T4/fDaFWW9Fv1yXULS3uDkWgAcEQ5qpHOmq4E5ukn6RNul/5zVZ8By2DnqMgK
+1Ee5khAvx+go8jJboOSymbLcMW/UnjCvfDmCaqZvvxL7ts5wH5Bk/H1XHG4rW3/b
+RbyYKZ/1WZ1AqldfajvPg49BdTUZwa2XGXKphDXX9EJxYXRkB+It2S2RRILaQEa4
+XAcuHqsIEEVkQn/POjr00sap2vVgdWawf6Ajq39bmt1T1S5JMszKhLB98m1xACGg
+JV8EhGECgYEA5FZ9BuWP2FTrE/gFa8cAmhEol3btw8WX4kuqqdawv+0sTWPG5w36
+aoepxjV4YbaaQwVUI6EeB90CRzUyFed31oIAyiE7tcNf4a0XPiibYjk57unXHSV1
+GyP2dYlcl1vZGSgejSdvaYx0L6yDyu3fE23F6Pw0OSuWuWrRsuBIZbECgYEAy3z3
+/0yAVuX1sXgL2dg9Wj1E9EnL8VLUcuTdz+ftYUkqJnjkdBdA6T9rbtxi+KqOrJ1m
+axFQFwv87grdWkSt37Az0ezhc8qKKCk3wDo4+l3/MFKPHxB25RVic9KOKSbi5pg1
+pu9zjawdc9LXzZGjbtBqw6zUMZWkgCk2s9KMaHsCgYAckdXC7yY4Yyemr/m9qoCg
+xlTV3sORI0AFyIHqDjq/SOWqKTnR3yXd/mt3qWkOkNJsYFZOvvIK+dQ3JKjHpNaR
+uGJw6AeYjoGIsyedV2dZut9MzWVk+DLW2oET48P6DDv1sddgwfZmtnQzItq6oViw
+DaQdqrC+Fn4dZQgn4XgtgQKBgAYTjEBGY4q0wTp0cD4oE+Tu8XEuBvYE2C06IlmD
+/nWqPqT5dTD2RMzyRN4BnL76MNp8tMM7uB2IERx2nJeGd363f0SkgzL2+Fssp+qI
+koz/Y5Bo1rdBwZsjoVX+Epqt+5aRMwDyI4w2eIat5B3SXIQBmz6OmaOFaW0eTfDe
+t6yjAoGAI68RKiS8pJUImiYVV/j8/SXMSnKf3zbzjCK+mF9KesddCA9yKUqCiJFx
+/ZOiTmd0voiBE86DDCdFDGUtGvZESNqFc7z/i74bwyQK4EW3GV2CRH7FJ2B91PUv
+Cm5TZnKTyyIUjTF4lkap9so8DdrYBQS6p6RYuJK+0Ds5tQM+hVQ=
+-----END RSA PRIVATE KEY-----
diff --git a/ncac/package/cac-ssl.conf b/ncac/package/cac-ssl.conf
new file mode 100644
index 0000000..a3f07dd
--- /dev/null
+++ b/ncac/package/cac-ssl.conf
@@ -0,0 +1,22 @@
+server {
+    listen       443 ssl;
+    server_name  cacserver;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    ssl_certificate     /home/xydl/cert/ca.cert;
+    ssl_certificate_key /home/xydl/cert/ca.prikey;
+
+    location / {
+        root   /home/xydl/ncac/static;
+        index  index.html index.htm;
+    }
+
+    location /cac-api/ {
+        proxy_pass http://127.0.0.1:8099/;
+    }
+
+    location /data {
+        alias  /home/xydl/ncac/data;
+        autoindex on;
+    }
+}
diff --git a/ncac/ubuntu22/setup.sh b/ncac/ubuntu22/setup.sh
index 77e8a6a..f63dc42 100644
--- a/ncac/ubuntu22/setup.sh
+++ b/ncac/ubuntu22/setup.sh
@@ -140,7 +140,11 @@ installNewCAC(){
     cp package/${APP_NAME}.jar ${CAC_DIR}/
     unzip -q package/static.zip -d ${CAC_DIR}/
     cp package/cac.conf ${BASE_DIR}/conf/
-    sed -i 's#/home/xydl/ncac#'${CAC_DIR}'#g' ${BASE_DIR}/conf/cac.conf
+    cp package/cac-ssl.conf ${BASE_DIR}/conf/
+    cp package/ca.prikey ${BASE_DIR}/cert/
+    cp package/ca.cert ${BASE_DIR}/cert/
+    sed -i 's#/home/xydl#'${BASE_DIR}'#g' ${BASE_DIR}/conf/cac.conf
+    sed -i 's#/home/xydl#'${BASE_DIR}'#g' ${BASE_DIR}/conf/cac-ssl.conf
     echo ${CAC_DIR}" installed."
     unzip -qj package/${APP_NAME}.jar BOOT-INF/classes/application-prod.yml -d ${CAC_DIR}/config
     sleep 1
@@ -311,6 +315,7 @@ CAC_DIR=${BASE_DIR}/ncac
 mkdir -p ${BIN_DIR}
 mkdir -p ${CAC_DIR}
 mkdir -p ${BASE_DIR}/conf
+mkdir -p ${BASE_DIR}/cert
 if [ ! -e "/etc/rc.local" ]; then
     cp package/rc.local /etc/
 fi