diff --git a/server/.gitignore b/server/.gitignore
index b22a054fcaba43a9a70b0665c58fbad9dbb1e8ec..adcf7aa4b5be49a167eddc502e650c9134c69bdd 100644
--- a/server/.gitignore
+++ b/server/.gitignore
@@ -18,4 +18,7 @@ public/
 # For legacy copies of repo
 documents
 vector-cache
-yarn-error.log
\ No newline at end of file
+yarn-error.log
+
+# Local SSL Certs for HTTPS
+sslcert
\ No newline at end of file
diff --git a/server/index.js b/server/index.js
index 7874045bea677a46b9f64b8c220eeedc7cd3fbca..59d8fec68b42c0a90843e434b72297577afac906 100644
--- a/server/index.js
+++ b/server/index.js
@@ -36,7 +36,12 @@ app.use(
   })
 );
 
-require("express-ws")(app);
+if (!!process.env.ENABLE_HTTPS) {
+  bootSSL(app, process.env.SERVER_PORT || 3001);
+} else {
+  require("express-ws")(app); // load WebSockets in non-SSL mode.
+}
+
 app.use("/api", apiRouter);
 systemEndpoints(apiRouter);
 extensionEndpoints(apiRouter);
@@ -109,8 +114,6 @@ app.all("*", function (_, response) {
   response.sendStatus(404);
 });
 
-if (!!process.env.ENABLE_HTTPS) {
-  bootSSL(app, process.env.SERVER_PORT || 3001);
-} else {
-  bootHTTP(app, process.env.SERVER_PORT || 3001);
-}
+// In non-https mode we need to boot at the end since the server has not yet
+// started and is `.listen`ing.
+if (!process.env.ENABLE_HTTPS) bootHTTP(app, process.env.SERVER_PORT || 3001);
diff --git a/server/utils/boot/index.js b/server/utils/boot/index.js
index ea95e1f52c6fc1ea8e58e5ddc84fc4ffd67d5eb4..2022f66e8522c3da54057e7d0f003f8051984ba2 100644
--- a/server/utils/boot/index.js
+++ b/server/utils/boot/index.js
@@ -12,16 +12,18 @@ function bootSSL(app, port = 3001) {
     const privateKey = fs.readFileSync(process.env.HTTPS_KEY_PATH);
     const certificate = fs.readFileSync(process.env.HTTPS_CERT_PATH);
     const credentials = { key: privateKey, cert: certificate };
+    const server = https.createServer(credentials, app);
 
-    https
-      .createServer(credentials, app)
+    server
       .listen(port, async () => {
         await setupTelemetry();
         new CommunicationKey(true);
         console.log(`Primary server in HTTPS mode listening on port ${port}`);
       })
       .on("error", catchSigTerms);
-    return app;
+
+    require("express-ws")(app, server); // Apply same certificate + server for WSS connections
+    return { app, server };
   } catch (e) {
     console.error(
       `\x1b[31m[SSL BOOT FAILED]\x1b[0m ${e.message} - falling back to HTTP boot.`,
@@ -46,7 +48,8 @@ function bootHTTP(app, port = 3001) {
       console.log(`Primary server in HTTP mode listening on port ${port}`);
     })
     .on("error", catchSigTerms);
-  return app;
+
+  return { app, server: null };
 }
 
 function catchSigTerms() {