UPDATE - The below applies to Open-AudIT versions prior to 5.0.0 As at 5.0.0, Open-AudIT is "just another website" in terms of HTTP / HTTPS. There is no configuration of Open-AudIT required for HTTPS.
Open-AudIT works perfectly fine using HTTPS. But - there's always a but... We do require http traffic be allowed from localhost / 127.0.0.1. This is for Open-AudIT to spawn more processes when discovery runs and for task execution (well, task checking for execution). As the traffic is localhost only, it never actually hits the network interface, so is never at risk of being eavesdropped upon. We also do not use these connections to send any sensitive information. They are purely to tell Open-AudIT "check if any tasks need running" or "start another discovery thread".
...