diff --git a/examples/cernbox/cernbox.toml b/examples/cernbox/cernbox.toml index 3d87164fdaf..12feb37bb5e 100644 --- a/examples/cernbox/cernbox.toml +++ b/examples/cernbox/cernbox.toml @@ -101,7 +101,7 @@ auth_manager = "oidc" users = "/etc/revad/users.demo.json" [grpc.services.authprovider.auth_managers.oidc] -issuer = "http://idp.docker:8080/realms/cernbox" +issuer = "https://idp.docker/realms/cernbox" uid_claim = "cern_uid" gid_claim = "cern_gid" gatewaysvc = "{{ vars.internal_gateway }}:19000" diff --git a/examples/cernbox/web.json b/examples/cernbox/web.json index e051d3cdf4c..811dfb9bb44 100644 --- a/examples/cernbox/web.json +++ b/examples/cernbox/web.json @@ -3,8 +3,8 @@ "theme": "https://your.nginx.org/cernbox/theme-cernbox/theme.json", "version": "0.0.0", "openIdConnect": { - "metadata_url": "http://idp.docker:8080/realms/cernbox/.well-known/openid-configuration", - "authority": "http://idp.docker:8080/realms/cernbox", + "metadata_url": "https://idp.docker/realms/cernbox/.well-known/openid-configuration", + "authority": "https://idp.docker/realms/cernbox", "client_id": "cernbox-oidc", "response_type": "code", "scope": "openid profile email" diff --git a/tests/sciencemesh/scripts/gencerts.sh b/tests/sciencemesh/scripts/gencerts.sh index 17844a663e0..b167de0862a 100755 --- a/tests/sciencemesh/scripts/gencerts.sh +++ b/tests/sciencemesh/scripts/gencerts.sh @@ -37,6 +37,8 @@ createCert stub2 createCert revad1 createCert revad2 +createCert idp + for efss in owncloud nextcloud cernbox; do createCert ${efss}1 createCert ${efss}2 diff --git a/tests/sciencemesh/scripts/testing-sciencemesh.sh b/tests/sciencemesh/scripts/testing-sciencemesh.sh index 20b244d6ad2..26c90bc0fad 100755 --- a/tests/sciencemesh/scripts/testing-sciencemesh.sh +++ b/tests/sciencemesh/scripts/testing-sciencemesh.sh 
@@ -41,8 +41,8 @@ cp --force ./scripts/init-owncloud-sciencemesh.sh ./temp/owncloud.sh cp --force ./scripts/init-nextcloud-sciencemesh.sh ./temp/nextcloud.sh # TLS dirs for mounting -cp --recursive --force ./tls "./temp/${EFSS1}-1-tls" -cp --recursive --force ./tls "./temp/${EFSS2}-2-tls" +[ ! -d "${ENV_ROOT}/${EFSS1}-1-tls" ] && cp --recursive --force ./tls "./temp/${EFSS1}-1-tls" +[ ! -d "${ENV_ROOT}/${EFSS2}-2-tls" ] && cp --recursive --force ./tls "./temp/${EFSS2}-2-tls" # make sure scripts are executable. chmod +x "${ENV_ROOT}/scripts/reva-run.sh" @@ -72,10 +72,17 @@ docker run --detach --name=collabora.docker --network=testnet -p 9980:9980 -t \ docker run --detach --network=testnet --name=idp.docker \ -e KEYCLOAK_ADMIN="admin" -e KEYCLOAK_ADMIN_PASSWORD="admin" \ -e KC_HOSTNAME="idp.docker" \ + -e KC_HTTPS_CERTIFICATE_FILE="/tls/idp.crt" \ + -e KC_HTTPS_KEY_STORE_FILE="/tls/idp.key" \ -v "${ENV_ROOT}/cernbox/keycloak:/opt/keycloak/data/import" \ - -p 9080:8080 \ + -v "${ENV_ROOT}/tls:/tls" \ + -p 9443:443 \ quay.io/keycloak/keycloak:21.1.1 \ start-dev --import-realm +# -e KC_HTTPS_TRUST_STORE_FILE="ca-bundle.crt" + +docker exec "idp.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/" +docker exec "idp.docker" update-ca-certificates >& /dev/null # EFSS1 if [ "${EFSS1}" != "cernbox" ]; then @@ -269,7 +276,7 @@ if [ "${EFSS1}" == "cernbox" ]; then docker run --detach --network=testnet \ --name="${EFSS1}1.docker" \ -v "${ENV_ROOT}/temp/cernbox-1-conf:/etc/nginx" \ - -v "${ENV_ROOT}/temp/cernbox-1-conf/config.json:/etc/ocis/config.json" \ + -v "${ENV_ROOT}/temp/cernbox-1-conf/config.json:/var/www/web/config.json" \ -v "${ENV_ROOT}/tls:/usr/local/share/ca-certificates" \ -v "${ENV_ROOT}/cernbox-web-sciencemesh/web:/var/www/web" \ -v "${ENV_ROOT}/cernbox-web-sciencemesh/cernbox:/var/www/cernbox" \ 
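Review bot: The new guards test `${ENV_ROOT}/${EFSS1}-1-tls` and `${ENV_ROOT}/${EFSS2}-2-tls`, but the copies still land in `./temp/${EFSS1}-1-tls` and `./temp/${EFSS2}-2-tls`, so the check and the action look at different directories. If the tested path never exists, the guard is always true and a rerun copies `./tls` into the existing target, nesting a second `tls` directory with possibly stale keys instead of skipping. Testing the destination itself keeps the two in step: `[ -d "./temp/${EFSS1}-1-tls" ] || cp --recursive --force ./tls "./temp/${EFSS1}-1-tls"`, and the same for `EFSS2`. Whether the working directory equals `${ENV_ROOT}` is not visible in this hunk.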
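Review bot: `KC_HTTPS_KEY_STORE_FILE="/tls/idp.key"` points Keycloak's keystore option at what `gencerts.sh` presumably writes as a PEM private key; the option that pairs with `KC_HTTPS_CERTIFICATE_FILE` is `-e KC_HTTPS_CERTIFICATE_KEY_FILE="/tls/idp.key" \`. The run publishes `-p 9443:443` and the example configs now use `https://idp.docker/...` on the default port, while Keycloak listens for HTTPS on 8443 unless told otherwise, so `-e KC_HTTPS_PORT="443" \` appears to be missing. The two `docker exec` lines run right after a detached start and send the output of `update-ca-certificates` to `/dev/null`, so a missing tool or a permission error inside the image goes unnoticed; dropping the redirect or checking the exit status would surface it. Mounting all of `${ENV_ROOT}/tls` read-write presumably gives this container the private keys of every other test service; mounting only `idp.crt` and `idp.key` with `:ro` would be narrower.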
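Review bot: The config file is now bind-mounted at `/var/www/web/config.json`, which lies inside `/var/www/web`, a path the same `docker run` also bind-mounts from `${ENV_ROOT}/cernbox-web-sciencemesh/web` two lines further down. A nested file mount needs a mount point inside that host directory, so Docker may leave an empty `config.json` in the checkout, and the file the web server sees depends on the nested mount being applied on top of the directory mount. Marking the file read-only would also keep the container from editing the host copy: `-v "${ENV_ROOT}/temp/cernbox-1-conf/config.json:/var/www/web/config.json:ro" \`. The `EFSS2` hunk at `@@ -284,7 +291,7 @@` has the same line for `cernbox-2-conf`. The `docker run` command continues past the end of both hunks.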
@@ -284,7 +291,7 @@ if [ "${EFSS2}" == "cernbox" ]; then
 docker run --detach --network=testnet \
 --name="${EFSS2}2.docker" \
 -v "${ENV_ROOT}/temp/cernbox-2-conf:/etc/nginx" \
- -v "${ENV_ROOT}/temp/cernbox-2-conf/config.json:/etc/ocis/config.json" \
+ -v "${ENV_ROOT}/temp/cernbox-2-conf/config.json:/var/www/web/config.json" \
 -v "${ENV_ROOT}/tls:/usr/local/share/ca-certificates" \
 -v "${ENV_ROOT}/cernbox-web-sciencemesh/web:/var/www/web" \
 -v "${ENV_ROOT}/cernbox-web-sciencemesh/cernbox:/var/www/cernbox" \