diff --git a/cli/serve.go b/cli/serve.go
index 9fa0e68d61..9037c4511a 100644
--- a/cli/serve.go
+++ b/cli/serve.go
@@ -156,8 +156,18 @@ the way that the kolide server works.
 
 			errs := make(chan error, 2)
 			go func() {
-				logger.Log("transport", "http", "address", *httpAddr, "msg", "listening")
-				errs <- http.ListenAndServe(*httpAddr, nil)
+				if !config.Server.TLS || (devMode && !configManager.IsSet("server.tls")) {
+					logger.Log("transport", "http", "address", *httpAddr, "msg", "listening")
+					errs <- http.ListenAndServe(*httpAddr, nil)
+				} else {
+					logger.Log("transport", "https", "address", *httpAddr, "msg", "listening")
+					errs <- http.ListenAndServeTLS(
+						*httpAddr,
+						config.Server.Cert,
+						config.Server.Key,
+						nil,
+					)
+				}
 			}()
 			go func() {
 				c := make(chan os.Signal)
diff --git a/server/config/config.go b/server/config/config.go
index eb7d4b2c76..4b1404ec25 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -27,6 +27,7 @@ type ServerConfig struct {
 	Address string
 	Cert    string
 	Key     string
+	TLS     bool
 }
 
 // AuthConfig defines configs related to user authorization
@@ -101,6 +102,7 @@ func (man Manager) addConfigs() {
 	man.addConfigString("server.address", "0.0.0.0:8080")
 	man.addConfigString("server.cert", "./tools/osquery/kolide.crt")
 	man.addConfigString("server.key", "./tools/osquery/kolide.key")
+	man.addConfigBool("server.tls", true)
 
 	// Auth
 	man.addConfigString("auth.jwt_key", "CHANGEME")
@@ -151,6 +153,7 @@ func (man Manager) LoadConfig() KolideConfig {
 			Address: man.getConfigString("server.address"),
 			Cert:    man.getConfigString("server.cert"),
 			Key:     man.getConfigString("server.key"),
+			TLS:     man.getConfigBool("server.tls"),
 		},
 		Auth: AuthConfig{
 			JwtKey:      man.getConfigString("auth.jwt_key"),
@@ -187,6 +190,12 @@ func (man Manager) LoadConfig() KolideConfig {
 	}
 }
 
+// IsSet determines whether a given config key has been explicitly set by any
+// of the configuration sources. If false, the default value is being used.
+func (man Manager) IsSet(key string) bool {
+	return man.viper.IsSet(key)
+}
+
 // envNameFromConfigKey converts a config key into the corresponding
 // environment variable name
 func envNameFromConfigKey(key string) string {