The REST services will only be exposed through HTTPS to ensure that the common threats associated with the HTTP traffic are mitigated. The administrator will have the option of updating the SSL self-signed certificate with a customer-provided certificate (for example, by uploading a PKCS-12 certificate or by signing an application-generated CSR).