I've been looking through the documentation. I can't find any references to running Retain with SSL. It seems like a very significant security vulnerability to run without encryption. I know I can put a certificate on Apache, that's plain enough. But Retain is mostly running on Tomcat. It doesn't appear to need need Apache except to redirect. Am I missing something?

Thanks