diff --git a/domismp-tests/domismp-docker/compose/domismp-tomcat-mysql/docker-compose.local.yml b/domismp-tests/domismp-docker/compose/domismp-tomcat-mysql/docker-compose.local.yml
index c9d2740a0b50b59af06232cc6133c44e29fcb7f3..2a2aa14348cbd6c33e4481be653099ee8536d780 100644
--- a/domismp-tests/domismp-docker/compose/domismp-tomcat-mysql/docker-compose.local.yml
+++ b/domismp-tests/domismp-docker/compose/domismp-tomcat-mysql/docker-compose.local.yml
@@ -6,6 +6,7 @@ services:
     ports:
       - "3908:3306"
       - "8982:8080"
+      - "8943:8443"
 #      - "6902:6901"
 #      - "8953:53"
       - "5005:5005"
diff --git a/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/Dockerfile b/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/Dockerfile
index 1e73cf94ee9fd848420616ee45f07644d036464d..d1b889cf342d01207126a55732857a6205727790 100755
--- a/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/Dockerfile
+++ b/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/Dockerfile
@@ -10,7 +10,8 @@ ENV SMP_HOME=/opt/smp  \
     MYSQL_DRV_SHA1=41ec3f8cdaccf6c46a47d7cd628eeb59a926d9d4 \
     TOMCAT_MAJOR=9  \
     TOMCAT_VERSION=9.0.73 \
-    TOMCAT_NAVITVE_VERSION=1.2.36  \
+    TOMCAT_NATIVE_VERSION=1.2.36  \
+    TOMCAT_TLS_KEY_ALIAS=eulogin.protected.smp.local  \
     TOMCAT_SHA512=4deac84d6f8ff147d0060605e85fd2c0bf92b9eb622e426d4acc19d0cd4fc0d46a394e01e5664076a5e4f1c39ae14fc2238ebee53a7779bf086540f6dc4967c8 \
     JAVA_8_VERSION="jdk8u402-b06" \
     JAVA_8_URL_FILENAME="OpenJDK8U-jdk_x64_linux_hotspot_8u402b06.tar.gz" \
@@ -52,7 +53,7 @@ ENV TOMCAT_HOME=/opt/apache-tomcat-$TOMCAT_VERSION  \
 # - 8080 Tomcat port
 # - 53 dns port
 # - JDPA debug port
-EXPOSE 3306 8080 6901 53 5005
+EXPOSE 3306 8080 8443 6901 53 5005
 
 VOLUME ["/data"]
 
@@ -124,7 +125,7 @@ RUN  echo "smp.jdbc.driver=com.mysql.cj.jdbc.Driver" >  $SMP_HOME/apache-tomcat-
     
 RUN cd $SMP_HOME/apache-tomcat-$TOMCAT_VERSION/bin \
     && tar xfz tomcat-native.tar.gz \
-    && cd tomcat-native-${TOMCAT_NAVITVE_VERSION}-src/native \
+    && cd tomcat-native-${TOMCAT_NATIVE_VERSION}-src/native \
     && ./configure && make && make install 
 
 # download and deploy sml
diff --git a/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/entrypoint.sh b/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/entrypoint.sh
index 871eb8793b149f31828b4fb0508049f5b52a935e..bbee50821a1285de1a0cc3cd079ca4829b52f31f 100755
--- a/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/entrypoint.sh
+++ b/domismp-tests/domismp-docker/images/domismp-tomcat-mysql/entrypoint.sh
@@ -89,8 +89,30 @@ init_tomcat() {
 
   # sleep a little to avoid mv issues
   sleep 5s
+
+  configureServerHttps
 }
 
+function configureServerHttps() {
+  echo "Create Tomcat HTTPS..."
+
+  cp /tmp/artefacts/shared-artefacts/server* ${TOMCAT_HOME}/
+  # Because tomcat-native.tar.gz is installed we can use APR connector
+  sed -i.bak -e "s#</Service>#<Connector port=\"8443\" protocol=\"org.apache.coyote.http11.Http11AprProtocol\"  \
+		maxThreads=\"200\" maxParameterCount=\"1000\"  \
+	  scheme=\"https\" secure=\"true\" SSLEnabled=\"true\" \
+		clientAuth=\"true\" sslProtocol=\"TLS\" \
+  	keystoreType=\"PKCS12\" \
+		keystoreFile=\"/tmp/artefacts/shared-artefacts/server-keystore.p12\" \
+    keyAlias=\"${TOMCAT_TLS_KEY_ALIAS}\" \
+  	keystorePass=\"test123\" \
+  	keyPass=\"test123\"   \
+    truststoreType=\"PKCS12\" \
+  	truststoreFile=\"/tmp/artefacts/shared-artefacts/server-truststore.p12\"  \
+  	truststorePass=\"test123\"  \
+  	/> \
+	</Service>#g" "${TOMCAT_HOME}/conf/server.xml"
+}
 init_mysql() {
   echo "[INFO] init database:"
   if [ ! -d "/run/mysqld" ]; then
diff --git a/domismp-tests/domismp-docker/images/shared-artefacts/README.md b/domismp-tests/domismp-docker/images/shared-artefacts/README.md
index eb736c87265d9dea6f48aa298de6b5f5b531f949..e41214f1a13ea724e2f7ce642d91d1f1d6821fa9 100644
--- a/domismp-tests/domismp-docker/images/shared-artefacts/README.md
+++ b/domismp-tests/domismp-docker/images/shared-artefacts/README.md
@@ -1,6 +1,11 @@
-The SMP keystore and SML truststore are needed for SMP/SML integration.
- - [sml-truststore.p12](sml-truststore.p12)
- - [smp-keystore-docker.p12](smp-keystore-docker.p12)
+# Test keystores and truststores
+The folder contains the keystore and truststore files needed for the SMP/SML integration and the Tomcat HTTPS endpoint.
+
+## The SMP keystore and SML truststore are needed for SMP/SML integration.
+ - [sml-truststore-docker-demo.p12](sml-truststore-docker-demo.p12)
+ - [smp-keystore-docker-demo.p12](smp-keystore-docker-demo.p12)
+
+(Keystore and key password: test123)
 
 The smp certificates 
  - CN=smp_domain_01,OU=edelivery,O=digit,C=eu
@@ -8,4 +13,40 @@ The smp certificates
 are registered in SML as trusted certificates for domains
  - domain-01.test.edelivery.local 
  - domain-02.test.edelivery.local
+
 For detailed DomiSML configuration see the SML init script:[sml-mysql5innodb-data.sql](sml-mysql5innodb-data.sql)
+
+
+# Tomcate HTTPS endpoint
+The Tomcat instance is configured with a mutual TLS endpoint. To access the HTTPS endpoint, start the Docker container with the following port mapping:
+example snipped for docker-compose.yml:
+
+    ports:
+      - "8943:8443"
+
+Then you can access the TLS endpoint via:
+
+https://localhost:8943/smp/
+Or (if the domain is correctly configured)
+https://eulogin.protected.smp.local:8943/smp/ 
+
+Important: Tomcat is configured for mutual authentication, therefore users must have a client TLS certificate. 
+To access the HTTPS endpoint via a browser, install the client certificate in your browser. 
+The pre-configured client certificate/key is provided in the keystore:
+[client-tls-keystore.p12](client-tls-keystore.p12)
+(Keystore and key password: test123)
+
+# Test TLS client certificate for REST API (using SOAPUI) with mutual HTTPS authentication
+To register new participants using the REST API with mutual HTTPS authentication, first register the certificate located at:
+[client_test.cer](client_test.cer)
+
+This can be done via the DomiSMP UI.
+1. Log in as user: “user” 
+2. Upload the certificate on the "user settings" page under “Certificate”.
+
+If you are using SOAPUI, add the SSL configuration using the keystore:
+[client-tls-keystore.p12](client-tls-keystore.p12)
+
+Then target the HTTPS endpoint:
+https://localhost:8943/smp/
+
diff --git a/domismp-tests/domismp-docker/images/shared-artefacts/client-tls-keystore.p12 b/domismp-tests/domismp-docker/images/shared-artefacts/client-tls-keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..dfde3d28d8378097b7bc19da8d32dcf98628d7ac
Binary files /dev/null and b/domismp-tests/domismp-docker/images/shared-artefacts/client-tls-keystore.p12 differ
diff --git a/domismp-tests/domismp-docker/images/shared-artefacts/client_test.cer b/domismp-tests/domismp-docker/images/shared-artefacts/client_test.cer
new file mode 100644
index 0000000000000000000000000000000000000000..79d5152c4afdbc51976695b221ecc0c49e72be94
--- /dev/null
+++ b/domismp-tests/domismp-docker/images/shared-artefacts/client_test.cer
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgCgAwIBAgIEZxkhQDANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJl
+dTESMBAGA1UECgwJZWRlbGl2ZXJ5MRUwEwYDVQQLDAx0ZXN0aW5nIHRlYW0xFDAS
+BgNVBAMMC2NsaWVudC10ZXN0MB4XDTI0MTAyMzE2MTYwMFoXDTM0MTAyMzE2MTYw
+MFowTjELMAkGA1UEBhMCZXUxEjAQBgNVBAoMCWVkZWxpdmVyeTEVMBMGA1UECwwM
+dGVzdGluZyB0ZWFtMRQwEgYDVQQDDAtjbGllbnQtdGVzdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKsza4B8qsbFW/n/eO49K1S6OwQxy0Jjw3Pckp+5
+BmwGpqsFhh9EACzQAb1ekRhpmY2wNLrk0JAk/0J/LEOOsFjoSIG2539CsiV/FHje
+ZEAuhULJW1n1/PHxamWa6GN/1VeVjRsqDts7MNkjQEYGYwENG9h7zxZ4J89j252y
+URH/gdUHLbyGq4XFrDNPTBajID8R+FIQwN/rcLzpMjZtGGN2za4zmAOOPkGQsHVa
++ZnbZulp4ONGeytwArmDF54jQxtf5c6yg/MPi12oDmV4laAe8Zu1VC67qD7p+lPo
+UgYf2o8Ox6WEeTddOfNKVBGx5O7PsbISX7aRV4BF2K8X548CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAewZdHY153Kmqdyjw8SjxL657liVHJV17qhbrETcwvDIOPDMQ
+zN9LLCrYkJ3o26FncVSV7SFARichZ+BddOlqCA3L7jbYu0m5pAqIcr+l387WBCG2
+AkK9hE1Al+C1XILVJw07ZVMu5Yzg8Ojt73z1SBypNB/vhc1chOnPjmBqKMWU0wFI
+F2Tcs56yng7BBOgVsQw2hj5ejzt9q7dcND/qEpc26P9f0gX4QP8FTBmA706F00io
+tp8Le5mJKjTNnBKYWnslXyG/2cbPX0ez4MOpTr/aTGXqiw0aUuNPQDUu8Op35ci6
+fGb7XFE0T4yg1IvAbIgG5ylFmeW1G4ddcTz0Dw==
+-----END CERTIFICATE-----
diff --git a/domismp-tests/domismp-docker/images/shared-artefacts/server-keystore.p12 b/domismp-tests/domismp-docker/images/shared-artefacts/server-keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..4fc65a521189e1c3b8fdbae8682b303a3ad7c980
Binary files /dev/null and b/domismp-tests/domismp-docker/images/shared-artefacts/server-keystore.p12 differ
diff --git a/domismp-tests/domismp-docker/images/shared-artefacts/server-truststore.p12 b/domismp-tests/domismp-docker/images/shared-artefacts/server-truststore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..c1c63fc254b43927c45081d33f909400e7c86e4e
Binary files /dev/null and b/domismp-tests/domismp-docker/images/shared-artefacts/server-truststore.p12 differ