VOL-264: REST Channel ( External REST Client <==> Chameleon) needs to be Secured

These are voltha itest and documentation updates after enforcing a https based
REST server implementation from the chameleon.

The chameleon related changes are already available as part of another review
https://gerrit.opencord.org/#/c/4478/ .

Change-Id: Icd585bb0403524c2e7a0f46fddcf3046876042b4
diff --git a/docker/Dockerfile.chameleon b/docker/Dockerfile.chameleon
index bf20c9f..0d6c1cd 100644
--- a/docker/Dockerfile.chameleon
+++ b/docker/Dockerfile.chameleon
@@ -38,6 +38,7 @@
 RUN mkdir /chameleon && touch /chameleon/__init__.py
 ENV PYTHONPATH=/chameleon
 COPY tmp.chameleon /chameleon/chameleon
+COPY pki /chameleon/pki
 
 # Exposing process and default entry point
 CMD ["python", "chameleon/chameleon/main.py"]
diff --git a/docs/manuals/user/labtests/V02_voltha_bringup_rest.md b/docs/manuals/user/labtests/V02_voltha_bringup_rest.md
index 8fb25eb..d3cfa08 100644
--- a/docs/manuals/user/labtests/V02_voltha_bringup_rest.md
+++ b/docs/manuals/user/labtests/V02_voltha_bringup_rest.md
@@ -2,7 +2,7 @@
 
 ### Test Objective
 
-* The purpose of this test is to verify REST-based HTTP connectivity to Voltha, including
+* The purpose of this test is to verify REST-based HTTPS connectivity to Voltha, including
   * Swagger UI access for exploring APIs
   * Command-line REST requests using curl
 
@@ -15,7 +15,7 @@
 
 To conveniently explore the REST APIs exposed by Voltha, point your browser to the default REST port on the
 Voltha integrartion server's Swagger end-point using the URL
-```http://<server>:<chameleon-port>/#/VolthaLocalService```, where
+```https://<server>:<chameleon-port>/#/VolthaLocalService```, where
 
 * ```<server>``` is the IP address or hostname of your Voltha integration server,
 * ```<chameleon-port``` is the TCP port assigned to the Chameleon REST front-end.
@@ -58,7 +58,7 @@
   Either way, make note of the port-number and use this to talk to the REST APIs.
   
   Using the proper URL, which in our case was
- ```http://10.100.198.220:32794/#/VolthaLocalService``` shall lead you to the
+ ```https://10.100.198.220:32794/#/VolthaLocalService``` shall lead you to the
  following view in your browser:
 
   ![Initial swagger view](./swagger_1.png "Initial swagger screen")
@@ -80,13 +80,13 @@
   For convenience, setup an env var for the b ase URL:
  
   ```
-  export VOLTHAURL='http://10.100.198.220:32794/api/v1/local'
+  export VOLTHAURL='https://10.100.198.220:32794/api/v1/local'
   ```
  
   To show the health status of Voltha:
  
   ```
-  curl -s $VOLTHAURL/health | jq '.'
+  curl -k -s $VOLTHAURL/health | jq '.'
   ```
   Expect to see:
   
@@ -99,7 +99,7 @@
   To show the list of loaded adapters in Voltha 
   
   ```
-  curl -s $VOLTHAURL/adapters | jq '.'
+  curl -k -s $VOLTHAURL/adapters | jq '.'
   ```
   Expect to see a list similar to this snippet (we show here only the beginning):
   
@@ -131,7 +131,7 @@
   You can list only the names of the adapters:
   
   ```
-  curl -s $VOLTHAURL/adapters | jq '.items[].id'
+  curl -k -s $VOLTHAURL/adapters | jq '.items[].id'
   ```
   
   This will show something like:
diff --git a/docs/pon-testing/olt-oftest-notes.md b/docs/pon-testing/olt-oftest-notes.md
index d76c398..aa44710 100644
--- a/docs/pon-testing/olt-oftest-notes.md
+++ b/docs/pon-testing/olt-oftest-notes.md
@@ -49,7 +49,7 @@
 ```
 cd /voltha
 . env.sh
-./chameleon/main.py
+/chameleon/main.py -f pki/voltha.crt -k pki/voltha.key
 ```
 
 In the third terminal, start ofagent:
@@ -65,19 +65,19 @@
 To see we can reach Voltha via REST:
 
 ```
-curl -s http://localhost:8881/health | jq '.'
+curl -k -s https://localhost:8881/health | jq '.'
 ```
 
 and
 
 ```
-curl -s -H 'Get-Depth: 2' http://localhost:8881/api/v1/local | jq '.'
+curl -k -s -H 'Get-Depth: 2' https://localhost:8881/api/v1/local | jq '.'
 ```
 
 To verify we have exactly one logical device (this is important for olt-oftest, which assumes this):
 
 ```
-curl -s http://localhost:8881/api/v1/local/logical_devices | jq '.items'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices | jq '.items'
 ```
 
 Check in the output that there is one entry in the logical device list, along these lines:
@@ -111,7 +111,7 @@
 To verify that the above logical device has all three logical ports, run this:
 
 ```
-curl -s http://localhost:8881/api/v1/local/logical_devices/simulated1/ports | jq '.items'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices/simulated1/ports | jq '.items'
 ```
 
 This shall have three entries, one OLT NNI port and two ONU (UNI) ports. Make note of the corresponding
@@ -127,8 +127,8 @@
 
 
 ```
-curl -s http://localhost:8881/api/v1/local/logical_devices/simulated1/flows | jq '.items'
-curl -s http://localhost:8881/api/v1/local/logical_devices/simulated1/flow_groups | jq '.items'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices/simulated1/flows | jq '.items'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices/simulated1/flow_groups | jq '.items'
 ```
 
 ### Create fake interfaces needed by olt-oftest
diff --git a/scripts/show_device_flows.py b/scripts/show_device_flows.py
index cf64a58..f90adb2 100755
--- a/scripts/show_device_flows.py
+++ b/scripts/show_device_flows.py
@@ -13,11 +13,11 @@
 Make sure you have VOLTHA_BASE_URL environment variable
 defined, examples:
 
-export VOLTHA_BASE_URL=http://localhost:8881/api/v1
+export VOLTHA_BASE_URL=https://localhost:8881/api/v1
 
 or
 
-export VOLTHA_BASE_URL=http://10.100.192.220:8881/api/v1
+export VOLTHA_BASE_URL=https://10.100.192.220:8881/api/v1
 """.format(sys.argv[0])
 
     def main(self):
diff --git a/tests/itests/ofagent/test_ofagent_multicontroller_failover.py b/tests/itests/ofagent/test_ofagent_multicontroller_failover.py
index 89228a8..27eb41e 100644
--- a/tests/itests/ofagent/test_ofagent_multicontroller_failover.py
+++ b/tests/itests/ofagent/test_ofagent_multicontroller_failover.py
@@ -49,9 +49,9 @@
     onos1_ip="docker inspect --format '{{ .NetworkSettings.Networks.compose_default.IPAddress }}' onos1",
     onos2_ip ="docker inspect --format '{{ .NetworkSettings.Networks.compose_default.IPAddress }}' onos2",
     onos3_ip="docker inspect --format '{{ .NetworkSettings.Networks.compose_default.IPAddress }}' onos3",
-    add_olt='''curl -s -X POST -d '{"type": "simulated_olt", "mac_address": "01:0c:e2:31:40:00"}' \
-               http://localhost:8881/api/v1/local/devices''',
-    enable_olt="curl -s -X POST http://localhost:8881/api/v1/local/devices/",
+    add_olt='''curl -k -s -X POST -d '{"type": "simulated_olt", "mac_address": "01:0c:e2:31:40:00"}' \
+               https://localhost:8881/api/v1/local/devices''',
+    enable_olt="curl -k -s -X POST https://localhost:8881/api/v1/local/devices/",
     onos1_devices="curl -u karaf:karaf  http://localhost:8181/onos/v1/devices",
     onos2_devices="curl -u karaf:karaf  http://localhost:8182/onos/v1/devices",
     onos3_devices="curl -u karaf:karaf  http://localhost:8183/onos/v1/devices")
diff --git a/tests/itests/voltha/rest_base.py b/tests/itests/voltha/rest_base.py
index 3b880d6..b400283 100644
--- a/tests/itests/voltha/rest_base.py
+++ b/tests/itests/voltha/rest_base.py
@@ -1,10 +1,15 @@
 from unittest import TestCase
 from requests import get, post, put, patch, delete
+import urllib3
+
+# This is to suppress the insecure request warning when using
+# self signed ssl certificates
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 
 
 class RestBase(TestCase):
 
-    base_url = 'http://localhost:8881'
+    base_url = 'https://localhost:8881'
 
     def url(self, path):
         while path.startswith('/'):
@@ -26,31 +31,29 @@
                 return response.content
 
     def get(self, path, expected_code=200,
-            expected_content_type='application/json', headers=None):
-        r = get(self.url(path), headers=headers)
+            expected_content_type='application/json', headers=None, verify=False):
+        r = get(self.url(path), headers=headers, verify=verify)
         self.assertEqual(r.status_code, expected_code,
                          msg='Code %d!=%d; msg:%s' % (
                              r.status_code, expected_code, r.content))
         return self.verify_content_type_and_return(r, expected_content_type)
 
-    def post(self, path, json_dict=None, expected_code=201):
-        r = post(self.url(path), json=json_dict)
+    def post(self, path, json_dict=None, expected_code=201, verify=False):
+        r = post(self.url(path), json=json_dict, verify=verify)
         self.assertEqual(r.status_code, expected_code,
                          msg='Code %d!=%d; msg:%s' % (
                              r.status_code, expected_code, r.content))
         return self.verify_content_type_and_return(r, 'application/json')
 
-    def put(self, path, json_dict, expected_code=200):
-        r = put(self.url(path), json=json_dict)
+    def put(self, path, json_dict, expected_code=200, verify=False):
+        r = put(self.url(path), json=json_dict, verify=verify)
         self.assertEqual(r.status_code, expected_code,
                          msg='Code %d!=%d; msg:%s' % (
                              r.status_code, expected_code, r.content))
         return self.verify_content_type_and_return(r, 'application/json')
 
-    def delete(self, path, expected_code=209):
-        r = delete(self.url(path))
+    def delete(self, path, expected_code=209, verify=False):
+        r = delete(self.url(path), verify=verify)
         self.assertEqual(r.status_code, expected_code,
                          msg='Code %d!=%d; msg:%s' % (
                              r.status_code, expected_code, r.content))
-
-
diff --git a/tests/itests/voltha/test_cold_activation_sequence.py b/tests/itests/voltha/test_cold_activation_sequence.py
index 9a780f5..fc93ce8 100644
--- a/tests/itests/voltha/test_cold_activation_sequence.py
+++ b/tests/itests/voltha/test_cold_activation_sequence.py
@@ -17,7 +17,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     def wait_till(self, msg, predicate, interval=0.1, timeout=5.0):
         deadline = time() + timeout
diff --git a/tests/itests/voltha/test_device_state_changes.py b/tests/itests/voltha/test_device_state_changes.py
index 9b3bc76..9cc62b7 100644
--- a/tests/itests/voltha/test_device_state_changes.py
+++ b/tests/itests/voltha/test_device_state_changes.py
@@ -27,7 +27,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     def wait_till(self, msg, predicate, interval=0.1, timeout=5.0):
         deadline = time() + timeout
diff --git a/tests/itests/voltha/test_dispatcher.py b/tests/itests/voltha/test_dispatcher.py
index 0f6ba73..71f6c8a 100644
--- a/tests/itests/voltha/test_dispatcher.py
+++ b/tests/itests/voltha/test_dispatcher.py
@@ -271,7 +271,7 @@
     def set_rest_endpoint(self):
         self.rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL,
                                                       'chameleon-rest')
-        self.base_url = 'http://' + self.rest_endpoint
+        self.base_url = 'https://' + self.rest_endpoint
 
     def set_kafka_endpoint(self):
         self.kafka_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'kafka')
diff --git a/tests/itests/voltha/test_persistence.py b/tests/itests/voltha/test_persistence.py
index 1111c1e..29b084a 100644
--- a/tests/itests/voltha/test_persistence.py
+++ b/tests/itests/voltha/test_persistence.py
@@ -250,7 +250,7 @@
     def set_rest_endpoint(self):
         self.rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL,
                                                       'chameleon-rest')
-        self.base_url = 'http://' + self.rest_endpoint
+        self.base_url = 'https://' + self.rest_endpoint
 
     def set_kafka_endpoint(self):
         self.kafka_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'kafka')
diff --git a/tests/itests/voltha/test_self_signed_cert_auth_failure.py b/tests/itests/voltha/test_self_signed_cert_auth_failure.py
new file mode 100644
index 0000000..5857417
--- /dev/null
+++ b/tests/itests/voltha/test_self_signed_cert_auth_failure.py
@@ -0,0 +1,99 @@
+from time import time, sleep
+from unittest import main, TestCase
+from nose.tools import *
+from requests import get
+from tests.itests.voltha.rest_base import RestBase
+from common.utils.consulhelpers import get_endpoint_from_consul
+from common.utils.consulhelpers import verify_all_services_healthy
+from tests.itests.docutests.test_utils import \
+    run_command_to_completion_with_raw_stdout, \
+    run_command_to_completion_with_stdout_in_list
+
+LOCAL_CONSUL = "localhost:8500"
+DOCKER_COMPOSE_FILE = "compose/docker-compose-system-test.yml"
+
+command_defs = dict(
+    docker_ps="docker ps",
+    docker_compose_start_all="docker-compose -f {} up -d "
+        .format(DOCKER_COMPOSE_FILE),
+    docker_stop_and_remove_all_containers="docker-compose -f {} down"
+        .format(DOCKER_COMPOSE_FILE),
+)
+
+
+class SelfSignedSSLCertAuthFail(RestBase):
+
+    t0 = [time()]
+
+    def pt(self, msg=''):
+        t1 = time()
+        print '%20.8f ms - %s' % (1000 * (t1 - SelfSignedSSLCertAuthFail.t0[0]),
+                                  msg)
+        SelfSignedSSLCertAuthFail.t0[0] = t1
+
+
+    def wait_till(self, msg, predicate, interval=0.1, timeout=5.0):
+        deadline = time() + timeout
+        while time() < deadline:
+            if predicate():
+                return
+            sleep(interval)
+        self.fail('Timed out while waiting for condition: {}'.format(msg))
+
+
+    def test_01_self_signed_ssl_cert_auth_failure(self):
+        # Start the voltha ensemble with a single voltha instance
+        self._stop_and_remove_all_containers()
+        sleep(5)  # A small wait for the system to settle down
+        self.start_all_containers()
+        self.set_rest_endpoint()
+
+        self._get_health()
+
+    def _stop_and_remove_all_containers(self):
+        # check if there are any running containers first
+        cmd = command_defs['docker_ps']
+        out, err, rc = run_command_to_completion_with_stdout_in_list(cmd)
+        self.assertEqual(rc, 0)
+        if len(out) > 1:  # not counting docker ps header
+            cmd = command_defs['docker_stop_and_remove_all_containers']
+            out, err, rc = run_command_to_completion_with_raw_stdout(cmd)
+            self.assertEqual(rc, 0)
+
+    def start_all_containers(self):
+        t0 = time()
+
+        # start all the containers
+        self.pt("Starting all containers ...")
+        cmd = command_defs['docker_compose_start_all']
+        out, err, rc = run_command_to_completion_with_raw_stdout(cmd)
+        self.assertEqual(rc, 0)
+
+        self.pt("Waiting for voltha and chameleon containers to be ready ...")
+        self.wait_till('voltha services HEALTHY',
+                       lambda: verify_all_services_healthy(
+                           LOCAL_CONSUL, service_name='voltha-grpc') == True,
+                       timeout=10)
+        self.wait_till('chameleon services HEALTHY',
+                       lambda: verify_all_services_healthy(
+                           LOCAL_CONSUL,service_name='chameleon-rest') == True,
+                       timeout=10)
+
+        # Chameleon takes some time to compile the protos and make them
+        # available.  So let's wait 10 seconds
+        sleep(10)
+
+    def set_rest_endpoint(self):
+        self.rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL,
+                                                      'chameleon-rest')
+        self.base_url = 'https://' + self.rest_endpoint
+
+    @raises(Exception)
+    def _get_health(self):
+        # Raises SSLError exception because "verify" set to true and
+        # we use self-signed certificates
+        res = self.get('/health', verify=True)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/tests/itests/voltha/test_voltha_alarm_events.py b/tests/itests/voltha/test_voltha_alarm_events.py
index c5e2858..5e8b8ec 100644
--- a/tests/itests/voltha/test_voltha_alarm_events.py
+++ b/tests/itests/voltha/test_voltha_alarm_events.py
@@ -47,7 +47,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     # Start by querying consul to get the endpoint details
     kafka_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'kafka')
diff --git a/tests/itests/voltha/test_voltha_alarm_filters.py b/tests/itests/voltha/test_voltha_alarm_filters.py
index 4b73509..e9d67a2 100644
--- a/tests/itests/voltha/test_voltha_alarm_filters.py
+++ b/tests/itests/voltha/test_voltha_alarm_filters.py
@@ -29,7 +29,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     # Start by querying consul to get the endpoint details
     kafka_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'kafka')
diff --git a/tests/itests/voltha/test_voltha_rest_apis.py b/tests/itests/voltha/test_voltha_rest_apis.py
index b1f66d6..0760fca 100644
--- a/tests/itests/voltha/test_voltha_rest_apis.py
+++ b/tests/itests/voltha/test_voltha_rest_apis.py
@@ -25,7 +25,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
     
     def test_01_global_rest_apis(self):
         # ~~~~~~~~~~~~~~~~~~~ GLOBAL TOP-LEVEL SERVICES~ ~~~~~~~~~~~~~~~~~~~~~~
@@ -283,7 +283,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     def test_02_local_rest_apis(self):
         # ~~~~~~~~~~~~~~~~ VOLTHA INSTANCE LEVEL OPERATIONS ~~~~~~~~~~~~~~~~~~~
@@ -447,7 +447,7 @@
     rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     # ~~~~~~~~~~~~~~~~~~~~~~~~~~ NEGATIVE TEST CASES ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/tests/itests/voltha/test_voltha_retrieve_software_info.py b/tests/itests/voltha/test_voltha_retrieve_software_info.py
index ddb5909..22d58bf 100644
--- a/tests/itests/voltha/test_voltha_retrieve_software_info.py
+++ b/tests/itests/voltha/test_voltha_retrieve_software_info.py
@@ -1,5 +1,6 @@
 from unittest import main
 from time import time, sleep
+from common.utils.consulhelpers import get_endpoint_from_consul
 from tests.itests.voltha.rest_base import RestBase
 from google.protobuf.json_format import MessageToDict
 from voltha.protos.device_pb2 import Device
@@ -42,6 +43,7 @@
     "type": "object"
 }
 
+LOCAL_CONSUL = "localhost:8500"
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -55,10 +57,10 @@
 
 class VolthaDeviceManagementRetrieveSoftwareInfo(RestBase):
     # Retrieve details on the REST entry point
-    rest_endpoint = "127.0.0.1:8881"
+    rest_endpoint = get_endpoint_from_consul(LOCAL_CONSUL, 'chameleon-rest')
 
     # Construct the base_url
-    base_url = 'http://' + rest_endpoint
+    base_url = 'https://' + rest_endpoint
 
     def wait_till(self, msg, predicate, interval=0.1, timeout=5.0):
         deadline = time() + timeout
diff --git a/voltha/adapters/maple_olt/README.md b/voltha/adapters/maple_olt/README.md
index c4991c7..f0f96d6 100644
--- a/voltha/adapters/maple_olt/README.md
+++ b/voltha/adapters/maple_olt/README.md
@@ -34,7 +34,7 @@
 ```
 cd ~/voltha
 . env.sh
-./chamaleon/main.py
+./chamaleon/main.py  -f pki/voltha.crt -k pki/voltha.key
 ```
 
 ## Step 3: Verify Maple and Broadcom adapters loaded
@@ -42,7 +42,7 @@
 In a third terminal, issue the following REST requests:
 
 ```
-curl -s http://localhost:8881/api/v1/local/adapters | jq
+curl -k -s https://localhost:8881/api/v1/local/adapters | jq
 ```
 
 This should list (among other entries) two entries for Broadcom devices:
@@ -51,7 +51,7 @@
 The following request should show the device types supported:
 
 ```
-curl -s http://localhost:8881/api/v1/local/device_types | jq
+curl -k -s https://localhost:8881/api/v1/local/device_types | jq
 ```
 
 This should include two entries for Broadcom devices, one for the OLT
@@ -62,8 +62,8 @@
 Issue the following command to pre-provision the Maple OLT:
 
 ```
-curl -s -X POST -d '{"type": "maple_olt", "ipv4_address": "111.111.111.111"}' \
-    http://localhost:8881/api/v1/local/devices | jq '.' | tee olt.json
+curl -k -s -X POST -d '{"type": "maple_olt", "ipv4_address": "111.111.111.111"}' \
+    https://localhost:8881/api/v1/local/devices | jq '.' | tee olt.json
 ```
 
 This shall return with a complete Device JSON object, including a 12-character
@@ -104,14 +104,14 @@
 To activate the OLT, issue the following using the OLT_ID memorized above:
 
 ```
-curl -s -X POST http://localhost:8881/api/v1/local/devices/$OLT_ID/activate
+curl -k -s -X POST https://localhost:8881/api/v1/local/devices/$OLT_ID/activate
 ```
 
 After this, if you retrieve the state of the OLT device, it should be enabled
 and in the 'ACTIVATING' operational status:
 
 ```
-curl -s http://localhost:8881/api/v1/local/devices/$OLT_ID | jq '.oper_status,.admin_state'
+curl -k -s https://localhost:8881/api/v1/local/devices/$OLT_ID | jq '.oper_status,.admin_state'
 "ACTIVATING"
 "ENABLED"
 ```
@@ -120,9 +120,9 @@
 the logical devices and logical ports, use the following commands.
 
 ```
-curl -s http://localhost:8881/api/v1/local/logical_devices | jq '.'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices | jq '.'
 # Note: Need to pull out logical device id.
-curl -s http://localhost:8881/api/v1/local/logical_devices/47d2bb42a2c6/ports | jq '.'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices/47d2bb42a2c6/ports | jq '.'
 ```
 
 
diff --git a/voltha/adapters/tibit_olt/README.md b/voltha/adapters/tibit_olt/README.md
index d407335..c7e02e5 100644
--- a/voltha/adapters/tibit_olt/README.md
+++ b/voltha/adapters/tibit_olt/README.md
@@ -25,7 +25,7 @@
 In the same shell, launch chameleon. The command below assumes that you are in the top level Voltha directory.
 
 ```
-(venv-linux)$ ./chameleon/main.py
+(venv-linux)$ ./chameleon/main.py  -f pki/voltha.crt -k pki/voltha.key
 ```
 
 ## Step 2: Launch Voltha with the proper interface value.
@@ -52,7 +52,7 @@
 In a third terminal, issue the following REST requests:
 
 ```
-$ curl -s http://localhost:8881/api/v1/local/adapters | jq
+$ curl -k -s https://localhost:8881/api/v1/local/adapters | jq
 ```
 
 This should list (among other entries) two entries for Tibit devices,
@@ -61,7 +61,7 @@
 The following request should show the device types supported:
 
 ```
-$ curl -s http://localhost:8881/api/v1/local/device_types | jq
+$ curl -k -s https://localhost:8881/api/v1/local/device_types | jq
 ```
 
 This should include two entries for Tibit devices, one for the OLT
@@ -72,8 +72,8 @@
 Issue the following command to pre-provision the Tibit OLT:
 
 ```
-curl -s -X POST -d '{"type": "tibit_olt", "mac_address": "00:0c:e2:31:06:00"}' \
-    http://localhost:8881/api/v1/local/devices | jq '.' | tee olt.json
+curl -k -s -X POST -d '{"type": "tibit_olt", "mac_address": "00:0c:e2:31:06:00"}' \
+    https://localhost:8881/api/v1/local/devices | jq '.' | tee olt.json
 ```
 
 This will return a complete Device JSON object, including a
@@ -114,7 +114,7 @@
 To activate the OLT, issue the following using the OLT_ID memorized above:
 
 ```
-curl -s -X POST http://localhost:8881/api/v1/local/devices/$OLT_ID/activate
+curl -k -s -X POST https://localhost:8881/api/v1/local/devices/$OLT_ID/activate
 ```
 
 After this, if you retrieve the state of the OLT device, it should be
@@ -123,7 +123,7 @@
 OLT device was not successful.
 
 ```
-curl http://localhost:8881/api/v1/local/devices/$OLT_ID | jq '.oper_status,.admin_state'
+curl https://localhost:8881/api/v1/local/devices/$OLT_ID | jq '.oper_status,.admin_state'
 "ACTIVE"
 "ENABLED"
 ```
@@ -131,9 +131,9 @@
 the logical devices and logical ports, use the following commands.
 
 ```
-curl -s http://localhost:8881/api/v1/local/logical_devices | jq '.'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices | jq '.'
 # Note: Need to pull out logical device id.
-curl -s http://localhost:8881/api/v1/local/logical_devices/47d2bb42a2c6/ports | jq '.'
+curl -k -s https://localhost:8881/api/v1/local/logical_devices/47d2bb42a2c6/ports | jq '.'
 ```
 
 ## Running the ONOS olt-test