// assumes you also use serveHttp (for classes MyHTTPD and NanoHTTPD)
  
static MyHTTPD serveHttps_server;
static int serveHttps_port = 8889;

static void serveHttps(int port, File keystore, S pass) ctex {
  serveHttps_port = port;
  serveHttps_server = new MyHTTPD(port);
  serveHttps_server.makeSecure(serveHttps_makeSSLSocketFactory(keystore, pass));
  serveHttps_server.start();
  print("HTTPS server started (listening on port " + port + "!)");
}

// uses default SSLServerSocketFactory
static void serveHttps(int port) ctex {
  serveHttps_port = port;
  serveHttps_server = new MyHTTPD(port);
  serveHttps_server.makeSecure((SSLServerSocketFactory) SSLServerSocketFactory.getDefault());
  serveHttps_server.start();
  print("HTTPS server started with default socket factory (listening on port " + port + "!)");
}

// seems to assume same password is used for keystore as well as certificate.
static SSLServerSocketFactory serveHttps_makeSSLSocketFactory(File keystoreFile, S passphrase) ctex {
  KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
  InputStream keystoreStream = new FileInputStream(keystoreFile);
  try {
    keystore.load(keystoreStream, passphrase.toCharArray());
  } finally {
    keystoreStream.close();
  }
  TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(keystore);
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keystore, passphrase.toCharArray());
  SSLContext ctx = SSLContext.getInstance("TLS");
  ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
  ret ctx.getServerSocketFactory();
}

static void cleanMeUp_serveHttps() {
  if (serveHttps_server != null) {
    serveHttps_server.stop();
    serveHttps_server = null;
  }
}