diff --git a/e2e-test/qa/Makefile b/e2e-test/qa/Makefile
index c8c00a380..6fb803113 100644
--- a/e2e-test/qa/Makefile
+++ b/e2e-test/qa/Makefile
@@ -53,7 +53,7 @@ clean: ## main: kill containers
 # just waits for a alfresco and solr to start
 wait: ## main: wait for alfresco service && solr to startup	
 	$(helpers)/wait-service-to-start.sh && \
-	$(helpers)/wait-service-to-start.sh http://localhost:8083/solr	
+	$(helpers)/wait-service-to-start.sh http://localhost:8083/solr
 
 standard: ## main: start with standard docker-compose.yml file
 	make clean && $(dc) config && $(dc) up -d && make wait
diff --git a/e2e-test/qa/search/custom/Makefile b/e2e-test/qa/search/custom/Makefile
index 17fe711b6..3114c2a0d 100644
--- a/e2e-test/qa/search/custom/Makefile
+++ b/e2e-test/qa/search/custom/Makefile
@@ -10,9 +10,9 @@ endif
 
 
 ## ---- CUSTOM
-build: ## 1 - build a custom image: $ make SCRIPTS_FOLDER=spellcheck custom-build	
+build: ## 1 - build a custom image: $ make SCRIPTS_FOLDER=spellcheck build	
 ifndef SCRIPTS_FOLDER
-	@echo SCRIPTS_FOLDER not defined "Usage: make SCRIPTS_FOLDER=spellcheck custom-build"
+	@echo SCRIPTS_FOLDER not defined "Usage: make SCRIPTS_FOLDER=spellcheck build"
 	exit 1
 endif
 	$(dc-custom) build  --force-rm --no-cache --pull --build-arg SCRIPTS_FOLDER=$(SCRIPTS_FOLDER)
diff --git a/e2e-test/qa/search/ssl/.env b/e2e-test/qa/search/ssl/.env
new file mode 100644
index 000000000..4b81b609b
--- /dev/null
+++ b/e2e-test/qa/search/ssl/.env
@@ -0,0 +1,11 @@
+# docker-compose related environments
+ALFRESCO_IMAGE=alfresco/alfresco-content-repository
+ALFRESCO_TAG=6.1.0-EA3
+SHARE_IMAGE=alfresco/alfresco-share
+SHARE_TAG=6.0
+POSTGRES_IMAGE=postgres
+POSTGRES_TAG=10.1
+SEARCH_IMAGE=quay.io/alfresco/search-services
+SEARCH_TAG=latest
+ACTIVEMQ_IMAGE=alfresco/alfresco-activemq
+ACTIVEMQ_TAG=5.15.6
\ No newline at end of file
diff --git a/e2e-test/qa/search/ssl/Makefile b/e2e-test/qa/search/ssl/Makefile
new file mode 100644
index 000000000..85062e4ed
--- /dev/null
+++ b/e2e-test/qa/search/ssl/Makefile
@@ -0,0 +1,23 @@
+include ../../Makefile
+include .env
+
+# CURRENT_DIR is the folder where this Makefile is saved
+CURRENT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+
+ifeq ($(dc-custom),)
+	dc-custom:=$(dc) -f ../docker-compose.yml -f docker-compose.ssl.yml
+endif
+
+ssl: ## 0 - starts search service with SSL enabled
+	$(dc-custom) build && \
+	$(dc-custom) up -d && \
+	make wait
+
+wait:
+	$(helpers)/wait-service-to-start.sh
+	
+clean:
+	$(dc-custom) kill && $(dc-custom) rm -fv
+
+logs:
+	$(dc-custom) logs -f
\ No newline at end of file
diff --git a/e2e-test/qa/search/ssl/README.md b/e2e-test/qa/search/ssl/README.md
new file mode 100644
index 000000000..d2b619d11
--- /dev/null
+++ b/e2e-test/qa/search/ssl/README.md
@@ -0,0 +1,27 @@
+## About
+
+Try to start Alfresco & Search Services with SSL enabled
+
+### How to run it
+>this will clean any volumes any docker services that are running
+> and starts a new alfresco and search service(s) built with ssl enabled
+
+```shell
+$ make clean ssl
+```
+
+>There are also configuration on alfresco part - where we use the shared volume of search to take the same keystore data (see [docker-compose.ssl.yml](./docker-compose.ssl.yml) )
+
+> clean everything with `make clean`
+
+### Test it in browser
+
+* open Firefox and import [browser.p12](./browser.p12) certificate (when asked add password: `alfresco`). I think you can also add an exception and pass unsecure connection warning!
+
+| Alfresco        | Solr           | Share  |
+| :------------- |:-------------| :-----|
+| **SSL:** https://localhost:7070/alfresco | **SSL:** https://localhost:8084/solr | |
+| **No-SSL:** http://localhost:8081/alfresco | **No-SSL:** -     |   **No-SSL:** http://localhost:8082/share/   |
+
+>I've also enabled [spellcheck](./search/scripts/enable-spellcheck.sh) feature, so in Share, try to do a search for "[alfrezco](http://localhost:8082/share/page/dp/ws/faceted-search#searchTerm=alfrezco&scope=repo&sortField=null)"
+
diff --git a/e2e-test/qa/search/ssl/alfresco/6.1-server.xml b/e2e-test/qa/search/ssl/alfresco/6.1-server.xml
new file mode 100644
index 000000000..10564c82e
--- /dev/null
+++ b/e2e-test/qa/search/ssl/alfresco/6.1-server.xml
@@ -0,0 +1,188 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector port="8080" protocol="HTTP/1.1"
+               Server=" "
+               connectionTimeout="20000"
+               redirectPort="8443" />
+
+     <!--base on: 
+     http://docs.alfresco.com/6.1/tasks/configure-ssl-test.html 
+     http://docs.alfresco.com/community/concepts/configure-ssl-intro.html
+     -->
+     <Connector port="7070" 
+        protocol="org.apache.coyote.http11.Http11Nio2Protocol"
+        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
+        maxThreads="150"
+        SSLEnabled="true">
+     <SSLHostConfig certificateVerification="required" 
+          truststoreFile="/keystore/ssl.repo.client.truststore" 
+          truststorePassword="kT9X6oe68t" 
+          truststoreType="JCEKS" >
+     <Certificate certificateKeystoreFile="/keystore/ssl.repo.client.keystore"
+          certificateKeystorePassword="kT9X6oe68t"
+          certificateKeystoreType="JCEKS" />
+     </SSLHostConfig>
+     </Connector>
+
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+         This connector uses the NIO implementation. The default
+         SSLImplementation will depend on the presence of the APR/native
+         library and the useOpenSSL attribute of the
+         AprLifecycleListener.
+         Either JSSE or OpenSSL style configuration may be used regardless of
+         the SSLImplementation selected. JSSE style configuration is used below.
+    -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true">
+        <SSLHostConfig>
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    -->
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+         This connector uses the APR/native implementation which always uses
+         OpenSSL for TLS.
+         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+         configuration is used below.
+    -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+               maxThreads="150" SSLEnabled="true" >
+        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+        <SSLHostConfig>
+            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+                         certificateFile="conf/localhost-rsa-cert.pem"
+                         certificateChainFile="conf/localhost-rsa-chain.pem"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    -->
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>
diff --git a/e2e-test/qa/search/ssl/alfresco/Dockerfile b/e2e-test/qa/search/ssl/alfresco/Dockerfile
new file mode 100644
index 000000000..a7a48d738
--- /dev/null
+++ b/e2e-test/qa/search/ssl/alfresco/Dockerfile
@@ -0,0 +1,5 @@
+ARG ALFRESCO_TAG=6.1.0-EA3
+FROM quay.io/alfresco/alfresco-content-repository:$ALFRESCO_TAG
+LABEL creator="Paul Brodner" maintainer="Alfresco Search Services Team"
+
+COPY 6.1-server.xml /usr/local/tomcat/conf/server.xml
diff --git a/e2e-test/qa/search/ssl/browser.p12 b/e2e-test/qa/search/ssl/browser.p12
new file mode 100644
index 000000000..2b2804e1e
Binary files /dev/null and b/e2e-test/qa/search/ssl/browser.p12 differ
diff --git a/e2e-test/qa/search/ssl/docker-compose.ssl.yml b/e2e-test/qa/search/ssl/docker-compose.ssl.yml
new file mode 100644
index 000000000..e6fe7968a
--- /dev/null
+++ b/e2e-test/qa/search/ssl/docker-compose.ssl.yml
@@ -0,0 +1,64 @@
+version: '3'
+services:  
+  alfresco:
+    image: alfresco-content-repository-ssl:${ALFRESCO_TAG}
+    build:
+       context: ./ssl/alfresco       
+    environment:
+      JAVA_OPTS : "
+        -Ddb.driver=org.postgresql.Driver
+        -Ddb.username=alfresco
+        -Ddb.password=alfresco
+        -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
+        -Dsolr.host=search
+        -Dsolr.port=8443
+        -Dsolr.port.ssl=8443        
+        -Dalfresco.protocol=https
+        -Dalfresco.port.ssl=7070
+        -Dsolr.secureComms=https
+        -Dalfresco.secureComms=https
+        -Dalfresco.encryption.ssl.keystore.type=JCEKS
+        -Dalfresco.encryption.ssl.keystore.provider=
+        -Dalfresco.encryption.ssl.keystore.location=/keystore/ssl.repo.client.keystore
+        -Dalfresco.encryption.ssl.keystore.passwordFileLocation=/keystore/ssl-keystore-passwords.properties
+        -Dalfresco.encryption.ssl.truststore.type=JCEKS
+        -Dalfresco.encryption.ssl.truststore.provider=
+        -Dalfresco.encryption.ssl.truststore.location=/keystore/ssl.repo.client.truststore
+        -Dalfresco.encryption.ssl.truststore.passwordFileLocation=/keystore/ssl-truststore-passwords.properties
+        -Dsolr.base.url=/solr
+        -Dindex.subsystem.name=solr6
+        -Dalfresco.restApi.basicAuthScheme=true
+        -Ddeployment.method=DOCKER_COMPOSE
+        -Dcsrf.filter.enabled=false        
+        -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
+        "
+    ports:
+      - "7203:7203" #JMX connect via service:jmx:rmi:///jndi/rmi://localhost:7203/jmxrmi
+      - "5005:5005" #Java debugging
+      - "8081:8080" #Browser port for Alfresco
+      - "7070:7070" #SSL Browser port for Alfresco
+    volumes:
+      - shared-volume:/keystore
+
+  search:    
+    image: search-services-ssl:${SEARCH_TAG}
+    build:
+       context: ./ssl/search       
+    environment:      
+      SOLR_SSL_KEY_STORE: /opt/alfresco-search-services/solrhome/templates/rerank/conf/ssl.repo.client.keystore
+      SOLR_SSL_KEY_STORE_PASSWORD: kT9X6oe68t
+      SOLR_SSL_KEY_STORE_TYPE: JCEKS
+      SOLR_SSL_TRUST_STORE: /opt/alfresco-search-services/solrhome/templates/rerank/conf/ssl.repo.client.truststore
+      SOLR_SSL_TRUST_STORE_PASSWORD: kT9X6oe68t
+      SOLR_SSL_TRUST_STORE_TYPE: JCEKS
+      SOLR_SSL_NEED_CLIENT_AUTH: "true"
+      SOLR_SSL_WANT_CLIENT_AUTH: "false"      
+      SOLR_PORT: 8443
+    ports: 
+      - 8083:8983 #Browser port
+      - 8084:8443 #SSL Port
+    volumes: 
+      - shared-volume:/opt/alfresco-search-services/solrhome/templates/rerank/conf
+      
+volumes:
+  shared-volume:
\ No newline at end of file
diff --git a/e2e-test/qa/search/ssl/search/Dockerfile b/e2e-test/qa/search/ssl/search/Dockerfile
new file mode 100644
index 000000000..67facb9b5
--- /dev/null
+++ b/e2e-test/qa/search/ssl/search/Dockerfile
@@ -0,0 +1,15 @@
+ARG SEARCH_TAG=latest
+FROM quay.io/alfresco/search-services:$SEARCH_TAG
+LABEL creator="Paul Brodner" maintainer="Alfresco Search Services Team"
+
+
+USER root
+RUN echo " &" >> $DIST_DIR/solr/bin/search_config_setup.sh && \
+    echo "bash -c \"find $DIST_DIR/scripts/ -maxdepth 1 -type f -executable -name '*.sh' -exec {} \\;\"" >> $DIST_DIR/solr/bin/search_config_setup.sh && \
+    echo "bash -c \"tail -f $DIST_DIR/logs/solr.log\"" >> $DIST_DIR/solr/bin/search_config_setup.sh
+
+USER solr
+COPY scripts/* ${DIST_DIR}/scripts/
+
+# we need this, because we tail on it in the search_config_setup.sh (see above)
+RUN touch ./logs/solr.log
\ No newline at end of file
diff --git a/e2e-test/qa/search/ssl/search/scripts/enable-spellcheck.sh b/e2e-test/qa/search/ssl/search/scripts/enable-spellcheck.sh
new file mode 100755
index 000000000..d241ed55d
--- /dev/null
+++ b/e2e-test/qa/search/ssl/search/scripts/enable-spellcheck.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -ex
+
+echo "Enabling SpellCheck"
+cat <<EOF >> /opt/alfresco-search-services/solrhome/conf/shared.properties
+
+# Enabling SpellCheck
+# configuration: 
+# * http://docs.alfresco.com/6.0/concepts/solr-shared-properties.html
+# * https://docs.alfresco.com/5.2/tasks/solr6-install-withoutSSL.html
+# test it: http://docs.alfresco.com/6.0/concepts/search-api-spellcheck.html
+
+# Suggestable Properties
+alfresco.suggestable.property.0={http://www.alfresco.org/model/content/1.0}name
+alfresco.suggestable.property.1={http://www.alfresco.org/model/content/1.0}title 
+alfresco.suggestable.property.2={http://www.alfresco.org/model/content/1.0}description 
+alfresco.suggestable.property.3={http://www.alfresco.org/model/content/1.0}content
+
+EOF
\ No newline at end of file
diff --git a/e2e-test/qa/search/ssl/search/scripts/update-solrcore.properties.sh b/e2e-test/qa/search/ssl/search/scripts/update-solrcore.properties.sh
new file mode 100755
index 000000000..25d0b3bb8
--- /dev/null
+++ b/e2e-test/qa/search/ssl/search/scripts/update-solrcore.properties.sh
@@ -0,0 +1,22 @@
+set -ex
+# author: paul brodner
+#
+# it seems 'archive' and 'alfresco' cores are using the rerank templates (/opt/alfresco-search-services/solrhome/templates/rerank/) by default
+# When solr starts and 'archive' and 'alfresco' cores are created
+# data from /opt/alfresco-search-services/solrhome/templates/rerank/ is applied
+
+echo "Enabling SSL"
+cat <<EOF >> /opt/alfresco-search-services/solrhome/templates/rerank/conf/solrcore.properties
+
+alfresco.port=7070
+alfresco.protocol=https
+alfresco.port.ssl=7070
+alfresco.secureComms=https
+
+solr.port=8443        
+solr.port.ssl=8443
+solr.secureComms=https
+solr.solrConnectTimeout=5000
+enable.alfresco.tracking=true
+
+EOF