IRIS (and Cache) were always shipped with standalone (with a very simple configuration) apache web server for non-production use (SMP, develop REST API calls etc.). This apache web server supports (out of the box) only HTTP.
Large organizations usually have more than one non-production environments (CI, TEST, UAT, PREPROD and so on...) and there is a need to have the SMP (or REST API calls) using HTTPS.
In order to do so, there is a need to a lot of actions:
create a self-singed certificates
configure the httpd-local.conf with those certificates, listening ports, default directories, file types and more.
As IRIS comes with OpenSLL, it should not difficult to automatically create & install those self-signed certificates, configure basic httpd-local.conf to support HTTPS etc. (all this can be done during the IRIS installation).
Also, to have a good documentation on how to do all those steps in order to enable system admins to have HTTPS supported.
Hi Yaron! Thank you for your idea. Based on information from our experts, that Web Server will be removed in future releases (see a comment with the appropriate link below). That's why the status of this idea was changed to "will not implement".
Note, that Private Web Server is planned to be removed in the future releases
https://community.intersystems.com/post/advisory-apache-web-server-provided-intersystems-kits-%E2%80%93-vulnerability-reports