diff --git a/playwright/.env.template b/playwright/.env.template
index a6696aab..44ddb739 100644
--- a/playwright/.env.template
+++ b/playwright/.env.template
@@ -39,7 +39,8 @@ DUMMY_AUTHORITY=http://${KC_HTTP_HOST}:${KC_HTTP_PORT}/realms/${DUMMY_REALM}
 ######################
 ROCKET_ADDRESS=0.0.0.0
 ROCKET_PORT=8000
-DOMAIN=http://localhost:${ROCKET_PORT}
+ROCKET_TLS={certs="/certs/cert.pem",key="/certs/key.pem"}
+DOMAIN=https://localhost:${ROCKET_PORT}
 LOG_LEVEL=info,oidcwarden::sso=debug
 I_REALLY_WANT_VOLATILE_STORAGE=true
diff --git a/playwright/compose/warden/Dockerfile b/playwright/compose/warden/Dockerfile
index e472d207..77360f0d 100644
--- a/playwright/compose/warden/Dockerfile
+++ b/playwright/compose/warden/Dockerfile
@@ -29,6 +29,18 @@ RUN mkdir /data && \
 openssl && \
 rm -rf /var/lib/apt/lists/*
+# Self-signed TLS cert for the test server. The bundled web vault refuses
+# to submit registration/login over HTTP ("Insecure URL not allowed");
+# Rocket needs a cert+key to serve HTTPS. Self-contained layer so cert
+# tweaks don't bust the apt-install layer above.
+RUN mkdir /certs && \
+ openssl req -x509 -nodes -newkey rsa:2048 \
+ -keyout /certs/key.pem \
+ -out /certs/cert.pem \
+ -days 3650 \
+ -subj "/CN=localhost" \
+ -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
+
 # Copies the files from the context (Rocket.toml file and web-vault)
 # and the binary from the "build" stage to the current stage
 WORKDIR /
diff --git a/playwright/global-utils.ts b/playwright/global-utils.ts
index 224bb4b8..9aec2301 100644
--- a/playwright/global-utils.ts
+++ b/playwright/global-utils.ts
@@ -38,7 +38,7 @@ export async function waitFor(url: String, browser: Browser) {
 do {
 try {
- context = await browser.newContext();
+ context = await browser.newContext({ ignoreHTTPSErrors: true });
 const page = await context.newPage();
 await page.waitForTimeout(500);
 const result = await page.goto(url);
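Review bot: The added `RUN mkdir /certs && openssl req ...` layer in playwright/compose/warden/Dockerfile bakes an unencrypted private key (`-nodes`, `/certs/key.pem`) into an image layer, so every container started from this image, and anyone who can pull it, shares the same key for ten years (`-days 3650`). That is acceptable for a throwaway test image, but the comment should say so, for example `# Test-only key baked into the image: never publish this image or reuse /certs outside the Playwright compose stack.` If the image could ever be pushed to a registry, generate the pair at container start or mount it instead. It is also worth confirming that the runtime user can read `/certs/key.pem`, since the hunk does not show which user the server runs as.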
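Review bot: `ignoreHTTPSErrors: true` in `waitFor` (playwright/global-utils.ts) turns off certificate validation for whatever `url` the caller passes, not only the self-signed test server. The same flag is set next to `baseURL: process.env.DOMAIN` in the playwright/playwright.config.ts hunk. If DOMAIN is ever pointed at a non-local host, the suite will accept any certificate without failing. Consider limiting it to the local server, e.g. `ignoreHTTPSErrors: /^https:\/\/(localhost|127\.0\.0\.1)(:|\/|$)/.test(process.env.DOMAIN ?? '')`, with a comment that the certificate is the self-signed one generated in compose/warden/Dockerfile. The body of `waitFor` starts and ends outside this hunk.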
diff --git a/playwright/playwright.config.ts b/playwright/playwright.config.ts
index de721aa3..1256cd4d 100644
--- a/playwright/playwright.config.ts
+++ b/playwright/playwright.config.ts
@@ -35,6 +35,7 @@ export default defineConfig({
 /* Base URL to use in actions like `await page.goto('/')`. */
 baseURL: process.env.DOMAIN,
 browserName: 'firefox',
+ ignoreHTTPSErrors: true,
 locale: 'en-GB',
 timezoneId: 'Europe/London',
diff --git a/playwright/test.env b/playwright/test.env
index df182ebe..a6c8dbd4 100644
--- a/playwright/test.env
+++ b/playwright/test.env
@@ -52,7 +52,8 @@ DUMMY_AUTHORITY=http://${KC_HTTP_HOST}:${KC_HTTP_PORT}/realms/${DUMMY_REALM}
 # Vaultwarden Config #
 ######################
 ROCKET_PORT=8003
-DOMAIN=http://localhost:${ROCKET_PORT}
+ROCKET_TLS={certs="/certs/cert.pem",key="/certs/key.pem"}
+DOMAIN=https://localhost:${ROCKET_PORT}
 LOG_LEVEL=info,oidcwarden::sso=debug
 LOGIN_RATELIMIT_MAX_BURST=100
 ADMIN_TOKEN=admin