diff --git a/gen_site.sh b/gen_site.sh
index 52544b99..442b3511 100755
--- a/gen_site.sh
+++ b/gen_site.sh
@@ -7,4 +7,4 @@ cd `dirname "$0"`
 mkdir -p out
 cd out
-wget -c -m http://$BASEURL/ http://$BASEURL/connected/
+wget -c -m https://$BASEURL/ https://$BASEURL/connected/
diff --git a/htdocs/index.php b/htdocs/index.php
index b14b78ba..0be26241 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -2,8 +2,9 @@
 //Inclusion de l'API Onyx
 require_once(trim(file_get_contents('./.onyx')));
-define("SALT_USER", "connected");
-define("SALT_ADMIN", "admin");
+define("SALT_PUBLIC", $VAR["prefix_public"]);
+define("SALT_USER", $VAR["prefix_teams"]);
+define("SALT_ADMIN", $VAR["prefix_admin"]);
 //On active le débogage si l'on est sur le domaine de debug
@@ -13,6 +14,8 @@ if ($_SERVER["SERVER_NAME"] == "localhost" || $_SERVER["SERVER_NAME"] == "fic" |
 //Chargement de tout le nécessaire pour le site
 require_once("common.php");
+$template->assign("SALT_CDN",SALT_PUBLIC);
+$template->assign("SALT_PUBLIC",SALT_PUBLIC);
 $template->assign("SALT_USER",SALT_USER);
 $template->assign("SALT_ADMIN",SALT_ADMIN);
diff --git a/misc/openssl.cnf b/misc/openssl.cnf
index 95fa5f76..a8c067f9 100644
--- a/misc/openssl.cnf
+++ b/misc/openssl.cnf
@@ -39,7 +39,7 @@ default_ca = CA_default # The default ca section
 ####################################################################
 [ CA_default ]
-dir = fic_pki #DIR # Where everything is kept
+dir = /srv/fic2014-server/misc//pki #DIR # Where everything is kept
 certs = $dir/certs # Where the issued certs are kept
 crl_dir = $dir/crl # Where the issued crl are kept
 database = $dir/index.txt # database index file.
@@ -147,7 +147,7 @@ organizationalUnitName = Organizational Unit Name (eg, section)
 organizationalUnitName_default = SRS
 commonName = Common Name (e.g. server FQDN or YOUR name)
-commonName_default = toto#COMMONNAME
+commonName_default = FIC2014 Server #COMMONNAME
 commonName_max = 64
 emailAddress = Email Address
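Review bot: The mirror now fetches over HTTPS, but nothing tells wget which CA to trust; with a server certificate issued from the project's own PKI (misc/openssl.cnf, and nginx.conf points `ssl_client_certificate` at misc/pki/cacert.crt) wget will abort on verification, and the tempting workaround `--no-check-certificate` would silently accept any server. Pass the CA explicitly instead, `wget -c -m --ca-certificate="$CA_CERT_PATH" "https://$BASEURL/" "https://$BASEURL/connected/"` (with `$CA_CERT_PATH` a placeholder for the PKI's CA file, and `$BASEURL` quoted so a value containing spaces or glob characters is not split). If this script targets the vhost in the nginx.conf hunk that sets `ssl_verify_client on`, it will also need `--certificate`/`--private-key` for a client certificate, otherwise `/` answers 401. The hard-coded `/connected/` segment also drifts from index.php, where that prefix now comes from `$VAR["prefix_teams"]`; consider reading it from the same config.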
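Review bot: The three `define()` calls read `$VAR["prefix_*"]` without checking that the keys exist; an entry missing from the XML config yields a notice and a null constant, so the prefixed URLs collapse onto the bare root and the `SALT_USER`/`SALT_ADMIN` areas lose the path prefix that appears to separate them. Fail closed before defining them, e.g. `if (!isset($VAR["prefix_public"], $VAR["prefix_teams"], $VAR["prefix_admin"])) { die("Missing prefix_* entries in config"); }`. Where `$VAR` is populated is outside the hunk (presumably by the Onyx API loaded on the `require_once` line above), so confirm it is already set at this point rather than later by common.php. As far as this diff shows, these prefixes are the only thing distinguishing the admin path, so treat the configured values as secrets and keep real ones out of the sample config and of the public mirror gen_site.sh produces.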
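Review bot: `SALT_CDN` and `SALT_PUBLIC` are assigned the same constant on consecutive lines, so the template cannot tell the two apart; if a distinct CDN prefix is intended, define it from config like the other three, otherwise drop `SALT_CDN` or add a comment explaining the alias, e.g. `// SALT_CDN aliases SALT_PUBLIC until a separate CDN host exists`. Keeping the two names synchronised by hand is easy to forget when a real CDN prefix is introduced later.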
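Review bot: `dir = /srv/fic2014-server/misc//pki` disagrees with every other absolute path in this commit, which live under `/var/www/fic2014-server/` (the nginx.conf hunk reads the CA from `/var/www/fic2014-server/misc/pki/cacert.crt` and sample.root.xml points at `/var/www/fic2014-server/misc/`); unless /srv is a deliberate second checkout, the CA database and the certificate nginx verifies clients against will be in different trees. The doubled slash suggests the value came from substituting the `#DIR` marker with a path that already ended in `/`; write `dir = /var/www/fic2014-server/misc/pki #DIR` (or keep the placeholder unexpanded in the repository and expand it at deploy time) so the PKI location is defined once. The trailing `#DIR` marker appears to be a substitution anchor, so whatever rewrites this line should keep working after the fix.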
@@ -176,7 +176,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
-nsCertType = client #CERTTYPE
+nsCertType = server #CERTTYPE
 # For an object signing certificate this would be used.
 # nsCertType = objsign
diff --git a/nginx-server-common.conf b/nginx-server-common.conf
new file mode 100644
index 00000000..c5d27bc7
--- /dev/null
+++ b/nginx-server-common.conf
@@ -0,0 +1,43 @@
+ access_log /var/log/nginx/fic.access_log;
+ error_log /var/log/nginx/fic.error_log;
+
+ root /var/www/fic2014-server/htdocs;
+ index index.php;
+
+ add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
+
+ location / {
+ if (-f $request_filename) {
+ break;
+ }
+ if (-d $request_filename) {
+ break;
+ }
+
+ rewrite ^/(.*)$ /index.php?p=$1 last;
+ }
+
+ location ~* \favicon.ico$ {
+ access_log off;
+ expires 1d;
+ add_header Cache-Control public;
+ }
+
+ location ~ ^/(img|js|css)/ {
+ access_log off;
+ expires 7d;
+ add_header Cache-Control public;
+ }
+
+ location ~ /(\.ht|\.git|\.svn|\.onyx) {
+ return 403;
+ }
+
+ location ~ .*.php$
+ {
+ if (!-e $document_root$document_uri) { return 404; }
+ include /etc/nginx/fastcgi.conf;
+ fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock;
+ fastcgi_index index.php;
+ break;
+ }
diff --git a/nginx-server.conf b/nginx-server.conf
new file mode 100644
index 00000000..ba338775
--- /dev/null
+++ b/nginx-server.conf
@@ -0,0 +1,18 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ipv6only=on ssl;
+
+ ssl_certificate /var/www/fic2014-server/misc/server.crt;
+ ssl_certificate_key /var/www/fic2014-server/misc/server.key;
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+# ssl_prefer_server_ciphers on;
+# ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
+
+ include /var/www/fic2014-server/nginx-server-common.conf;
+}
+
+server {
+ listen [::1]:80 ipv6only=on;
+
+ include /var/www/fic2014-server/nginx-server-common.conf;
+}
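Review bot: `location ~* \favicon.ico$` does not match `/favicon.ico`: in a PCRE pattern `\f` is the form-feed escape, so the regex requires a form feed followed by `avicon.ico`, and favicon requests fall through to the `rewrite` into index.php; `location = /favicon.ico {` is the exact and cheaper form (the same pattern is kept in the nginx.conf hunk). In the same file the `add_header Cache-Control public;` lines in the favicon and `img|js|css` blocks suppress the inherited `Strict-Transport-Security` header, because nginx only inherits `add_header` into a level that defines none of its own; repeat the HSTS `add_header` in those two blocks, or move it into a snippet they include, if it is meant to cover every response. `location ~ .*.php$` also leaves the dot unescaped (`\.php$`), harmless in practice but worth tidying while here.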
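Review bot: The `ssl_protocols`, `ssl_prefer_server_ciphers` and `ssl_ciphers` lines are commented out, so this 443 vhost runs with the nginx build defaults, which on releases before 1.9.1 still include SSLv3 and weaker suites, while the sibling nginx.conf hunk enables exactly these three directives; uncomment them here, or move them into nginx-server-common.conf so both vhosts share one TLS policy. The `[::1]:80` server also includes the common file and therefore emits `Strict-Transport-Security` over plain HTTP, which browsers ignore; harmless, but if the intent is a loopback-only endpoint for local tooling, say so with a comment such as `# loopback-only HTTP listener for local tooling; HSTS header is ignored here`.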
diff --git a/nginx.conf b/nginx.conf
index 1a4f42e1..796a8d48 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,46 +1,58 @@
 server {
- listen 80;
- listen [::]:80;
- server_name fic fic.p0m.fr fic.nemunai.re;
+ listen 443 ssl;
+ listen [::]:443 ipv6only=on ssl;
+
+ root /var/www/fic2014-server/htdocs/;
 access_log /var/log/nginx/fic.access_log;
- error_log /var/log/nginx/fic.error_log debug;
+ error_log /var/log/nginx/fic.error_log;
- root /var/www/fic2014-server/htdocs;
+ ssl_certificate /var/www/fic2014-server/misc/server.crt;
+ ssl_certificate_key /var/www/fic2014-server/misc/server.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
+ ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;
+ ssl_verify_client on;
+ add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
- location / {
- if (-f $request_filename) {
- break;
- }
- if (-d $request_filename) {
- break;
- }
+ location /
+ {
+ default_type text/html;
+ if ($ssl_client_s_dn !~ "/C=FR/ST=France/O=Epita/OU=SRS/")
+ {
+ return 401;
+ }
- rewrite ^/(.*)$ /index.php?p=$1 last;
+ if ($ssl_client_s_dn ~ "/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1/") {
+ root /var/www/fic2014-server/htdocs/connected/166$1;
+
+ rewrite ^/submission-([0-9]+)-([0-9]+).html$ /submission.php?team=166&theme=$1&exercice=$2 last;
+ }
 }
 location ~* \favicon.ico$ {
- access_log off;
- expires 1d;
- add_header Cache-Control public;
+ access_log off;
+ expires 1d;
+ add_header Cache-Control public;
 }
 location ~ ^/(img|js|css)/ {
- access_log off;
- expires 7d;
- add_header Cache-Control public;
+ access_log off;
+ expires 7d;
+ add_header Cache-Control public;
 }
 location ~ /(\.ht|\.git|\.svn|\.onyx) {
- deny all;
+ return 403;
 }
- location ~ .*.php$
+ location /submission.php
 {
- if (!-e $document_root$document_uri) { return 404; }
- include /etc/nginx/fastcgi.conf;
- fastcgi_pass 127.0.0.1:9000;
- fastcgi_index index.php;
+ root /var/www/fic2014-server/;
+ include /etc/nginx/fastcgi.conf;
+ fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock;
 break;
 }
+ }
diff --git a/onyx/config/sample.root.xml b/onyx/config/sample.root.xml
index e6291018..d94fd659 100644
--- a/onyx/config/sample.root.xml
+++ b/onyx/config/sample.root.xml
@@ -1,7 +1,12 @@
-
+
- 1381441316
+ 1386827772
+ /var/www/fic2014-server/misc/
+ /var/www/fic2014-server/submission/
+ challenge-public
+ challenge
+ challenge-admin
 ]]>
diff --git a/onyx/tpl/bootstrap/clock.tpl b/onyx/tpl/bootstrap/clock.tpl
index 10b4febb..7cbddfeb 100644
--- a/onyx/tpl/bootstrap/clock.tpl
+++ b/onyx/tpl/bootstrap/clock.tpl
@@ -1,11 +1,11 @@
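Review bot: Both `$ssl_client_s_dn` tests in `location /` are unanchored substring matches; anchor them to the start of the DN (`if ($ssl_client_s_dn !~ "^/C=FR/ST=France/O=Epita/OU=SRS/")` and `~ "^/C=FR/ST=France/O=Epita/OU=SRS/CN=Team1(/|$)"`) so only a subject whose RDN chain begins that way passes, and note that the existing trailing `/` after `CN=Team1` only matches when a further RDN (such as the emailAddress field in misc/openssl.cnf) follows the CN, which should be confirmed against the certificates the PKI actually issues. On the next line `root /var/www/fic2014-server/htdocs/connected/166$1;` references `$1`, but the `if` regex just evaluated has no capture group, so `$1` is empty or stale from an earlier match; drop it or capture the value you mean. `location /submission.php` is a prefix match that no longer carries the old `-e` existence check, so any URI starting with that string is routed to php-fpm; `location = /submission.php` limits the block to that one script. The `\favicon.ico$` pattern kept here (and copied into nginx-server-common.conf) uses `\f`, which PCRE reads as a form feed, so that block never matches; use `location = /favicon.ico`.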
diff --git a/onyx/tpl/bootstrap/layout.tpl b/onyx/tpl/bootstrap/layout.tpl
index 38523569..12be4bb4 100644
--- a/onyx/tpl/bootstrap/layout.tpl
+++ b/onyx/tpl/bootstrap/layout.tpl
@@ -5,7 +5,7 @@
 {block name=title}Challenge FIC2014{/block}
-
+
-
+
@@ -38,7 +38,7 @@
-
+
 {block name=end}{/block}