diff --git a/server/server-service/src/main/java/cn/torna/service/metersphere/MeterSpherePushService.java b/server/server-service/src/main/java/cn/torna/service/metersphere/MeterSpherePushService.java
index 4c6b92abdaf411c49b4c14d01d0c51c263412ad0..8fab75fe2da3f4db645252046a43d5d0526f539e 100644
--- a/server/server-service/src/main/java/cn/torna/service/metersphere/MeterSpherePushService.java
+++ b/server/server-service/src/main/java/cn/torna/service/metersphere/MeterSpherePushService.java
@@ -133,7 +133,8 @@ public class MeterSpherePushService {
 private void uploadToServer(MsSpaceConfig msSpaceConfig, MsModuleConfig msModuleConfig, File file) {
 try (CloseableHttpClient httpclient = HttpConfig.getOneHttpClient(msSpaceConfig.getMsAddress())) {
- String url = msSpaceConfig.getMsAddress() + URLConstants.API_IMPORT;
+ String msAddress = msSpaceConfig.getMsAddress().replace("http://", "https://");
+ String url = msAddress + URLConstants.API_IMPORT;
 HttpPost httpPost = new HttpPost(url);
 AppSettingState state = new AppSettingState();
diff --git a/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/HttpConfig.java b/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/HttpConfig.java
index 19839a3643f501a3d145511365c58f34e6a77f0a..2e68fcddbf146cd4d9459e6bb6bc8ae2aa989509 100644
--- a/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/HttpConfig.java
+++ b/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/HttpConfig.java
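Review bot: The scheme rewrite on the `+ String msAddress` line happens after `HttpConfig.getOneHttpClient(msSpaceConfig.getMsAddress())` on the previous line was already given the original address, so for a configured `http://` address the client is built by the plain-http branch of `getOneHttpClient` while the request itself goes to `https://`; hoist the rewrite and pass it to the client builder, `String msAddress = msSpaceConfig.getMsAddress().replace("http://", "https://");` before the try, then `try (CloseableHttpClient httpclient = HttpConfig.getOneHttpClient(msAddress)) {`. `String.replace` also substitutes every occurrence rather than only the scheme prefix, and it silently turns an address such as `http://host:8080` into a TLS handshake against a port that may not speak TLS, so rejecting non-https addresses with a clear error at configuration time would be more predictable than rewriting them here. uploadToServer continues past the end of the hunk.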
@@ -18,10 +18,11 @@ public class HttpConfig {
 try {
 if (url.startsWith(HTTPS)) {
 // https 增加信任设置
- TrustStrategy trustStrategy = new TrustSelfSignedStrategy();
- SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStrategy).build();
- HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
- return HttpClients.custom().setSSLContext(sslContext).setSSLHostnameVerifier(hostnameVerifier).build();
+ SSLContext sslContext = SSLContexts.createDefault();
+ return HttpClients.custom()
+ .setSSLContext(sslContext)
+ .setSSLHostnameVerifier(new NoopHostnameVerifier())
+ .build();
 } else {
 // http
 return HttpClientBuilder.create().build();
diff --git a/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/MSClientUtils.java b/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/MSClientUtils.java
index 8494f9c4f1f596dc408d0d265b4d691d6e7e59ed..3dcde5685de37ece27e25c20ceac5d4d99f8d5b5 100644
--- a/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/MSClientUtils.java
+++ b/server/server-service/src/main/java/cn/torna/service/metersphere/v3/util/MSClientUtils.java
@@ -1,12 +1,13 @@
 package cn.torna.service.metersphere.v3.util;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.StringUtils;
 import cn.torna.service.metersphere.v3.constants.URLConstants;
 import cn.torna.service.metersphere.v3.model.state.AppSettingState;
 import cn.torna.service.metersphere.v3.model.state.MSModule;
 import cn.torna.service.metersphere.v3.model.state.MSOrganization;
 import cn.torna.service.metersphere.v3.model.state.MSProject;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
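Review bot: Hostname verification is still switched off by `new NoopHostnameVerifier()` on the `+ .setSSLHostnameVerifier` line, so although the chain is now validated against the default trust store, a certificate issued to any other name by any trusted CA is accepted and the connection remains open to interception by a party holding such a certificate. Remove the `.setSSLHostnameVerifier(...)` line entirely and let `HttpClients.custom()` apply its default verifier, which checks the certificate against the request host; `SSLContexts.createDefault()` and `new NoopHostnameVerifier()` also need no import changes beyond what the hunk shows, but the `TrustStrategy`, `TrustSelfSignedStrategy` and `HostnameVerifier` imports the removed lines used are presumably now unused elsewhere in the file. The `// https 增加信任设置` comment above the change still describes the old self-signed trust behaviour and should say that the JVM default trust store is used. getOneHttpClient starts before the hunk and continues past its end.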
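Review bot: The two `+import org.apache.commons...` lines are placed above the `cn.torna` group, which breaks the file's existing grouping where the removed `org.apache.commons.lang3.StringUtils` line sat alphabetically among the other `org.apache` imports. Keep them in that group instead, i.e. `import org.apache.commons.codec.digest.DigestUtils;` and `import org.apache.commons.lang3.StringUtils;` immediately before `import org.apache.http.HttpResponse;`.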
@@ -22,6 +23,7 @@ import java.io.IOException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
+import java.util.UUID;
 @Slf4j
 public class MSClientUtils {
@@ -128,10 +130,29 @@ public class MSClientUtils {
 * 设置请求的头部信息
 */
 private static void setupRequestHeaders(HttpRequestBase request, AppSettingState appSettingState) throws Exception {
- request.addHeader("Accept", ContentType.APPLICATION_JSON.getMimeType());
+ // 协议强制校验
+ if (!"https".equalsIgnoreCase(request.getURI().getScheme())) {
+ throw new IllegalArgumentException("敏感接口仅支持HTTPS协议");
+ }
+
+ // 生成安全参数
+ String timestamp = String.valueOf(System.currentTimeMillis());
+ String nonce = UUID.randomUUID().toString().replace("-", "");
+ String signature = DigestUtils.sha256Hex(appSettingState.getSecretKey() + "|" + timestamp + "|" + nonce);
+
+ // 设置安全请求头
 request.addHeader("Content-type", ContentType.APPLICATION_JSON.toString());
- request.addHeader(ACCESS_KEY, appSettingState.getAccessKey());
- request.addHeader(SIGNATURE, CodingUtils.getSignature(appSettingState));
+ request.addHeader("X-Timestamp", timestamp);
+ request.addHeader("X-Nonce", nonce);
+ request.addHeader("X-Signature", signature);
+
+ // 安全日志记录(脱敏处理)
+ if (log.isDebugEnabled()) {
+ log.debug("安全请求头 - Timestamp:{}, Nonce:{}, Signature:{}",
+ timestamp,
+ StringUtils.left(nonce, 4) + "****",
+ StringUtils.left(signature, 8) + "****");
+ }
 }
 /**
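Review bot: The `+ String signature = DigestUtils.sha256Hex(...)` line signs only `secretKey|timestamp|nonce`, so the value is a bare digest of a key concatenation rather than a keyed MAC, and it is not bound to the request at all: the method, path and body are not covered, so a captured timestamp/nonce/signature triple validates any request until whatever window the server enforces expires. In the same hunk the `ACCESS_KEY` header is removed, which (as far as can be told from this side) leaves the server with no identifier to look up the secret it should verify against, and the `Accept` header is dropped as well; unless the MeterSphere side was changed in lock-step, this is not visible here. Compute an HMAC over the request identity instead (commons-codec, already pulled in for `DigestUtils`, provides `HmacUtils`/`HmacAlgorithms`, which need two extra imports), keep sending `ACCESS_KEY`, and fail early on a missing secret rather than hashing the string `"null|..."`. `request.getURI()` can also be null for a request built without a URI, so the scheme check on the `+ if (!"https"...` line would throw NullPointerException rather than the intended IllegalArgumentException.
```java
// … unchanged: scheme check …
String timestamp = String.valueOf(System.currentTimeMillis());
String nonce = UUID.randomUUID().toString().replace("-", "");
String secretKey = Objects.requireNonNull(appSettingState.getSecretKey(), "secretKey");
// bind the signature to the request, not only to the timestamp/nonce pair
String signedData = String.join("|",
        request.getMethod(), request.getURI().getRawPath(), timestamp, nonce);
String signature = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(signedData);

request.addHeader("Content-type", ContentType.APPLICATION_JSON.toString());
request.addHeader(ACCESS_KEY, appSettingState.getAccessKey());
request.addHeader("X-Timestamp", timestamp);
request.addHeader("X-Nonce", nonce);
request.addHeader("X-Signature", signature);
// … unchanged: masked debug log …
```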