diff --git a/main.go b/main.go
index dafeefb..81a9195 100644
--- a/main.go
+++ b/main.go
@@ -2,35 +2,50 @@ package main
 import (
 "bytes"
+ "crypto/tls"
+ "crypto/x509"
 "flag"
 "fmt"
 "io/ioutil"
 "net/http"
 "os"
 "strings"
+ "time"
 "gitlab-app.eng.qops.net/golang/jwt"
 )
 func main() {
- var path, host, method, body, headers, brandID string
+ var path, host, method, body, headers, brandID, issuer string
+ var ca, cert, key string
 var needJWT, verbose bool
+ var timeout time.Duration
 flag.StringVar(&method, "method", "get", "method for request")
 flag.StringVar(&path, "path", "fieldsetdefinitions/v1/index/surveys/SV_031sm3MMOPSa8Tz/fieldsets?assumeHasPermission=true", "path for request")
 flag.StringVar(&host, "host", "data-platform.service.consul:8080", "host and port for request")
 flag.StringVar(&body, "body", "", "body for request")
 flag.StringVar(&brandID, "brand", "testencresponse", "brandID for request JWT")
 flag.StringVar(&headers, "headers", "", "headers as k=v,k=v for request")
+ flag.StringVar(&issuer, "issuer", "dataprocessing,responseengine,fieldset-definitions,qualtrics,objectstore,svs,monolith,ex,blixt,null,responseengine", "issuer for jwt")
 flag.BoolVar(&needJWT, "jwt", true, "need jwt boolean")
 flag.BoolVar(&verbose, "v", false, "is verbose")
+ flag.DurationVar(&timeout, "t", time.Second*10, "request timeout")
+ flag.StringVar(&ca, "ca", "", "ca for server")
+ flag.StringVar(&cert, "cert", "", "cert for client")
+ flag.StringVar(&key, "key", "", "key for client")
 flag.Parse()
- c := &http.Client{}
+ if !strings.HasPrefix(host, "http") {
+ host = "http://" + host
+ }
+
+ c := makeClient(timeout, ca, cert, key)
 req, err := http.NewRequest(
 strings.ToUpper(method),
- "http://"+strings.Trim(host, "/")+"/"+strings.Trim(path, "/"),
+ host+"/"+strings.Trim(path, "/"),
 strings.NewReader(body),
 )
+ fmt.Println(req)
 if err != nil {
 panic(err)
 }
@@ -41,7 +56,7 @@ func main() {
 }
 }
 if needJWT {
- setJWT(req, brandID)
+ setJWT(req, brandID, issuer)
 }
 if verbose {
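Review bot: In the first hunk, the scheme test `strings.HasPrefix(host, "http")` also matches a bare host name that merely begins with "http", which then reaches `http.NewRequest` without a scheme; the old `strings.Trim(host, "/")` is gone as well, so a trailing slash on `-host` now produces `//` in the URL. Testing for the full prefixes avoids both: `if !strings.HasPrefix(host, "http://") && !strings.HasPrefix(host, "https://") { host = "http://" + host }` followed by `host = strings.TrimRight(host, "/")`. The added `fmt.Println(req)` runs before the `err` check and prints the request on every run; it looks like a debugging leftover and would fit under the existing `-v` branch instead. `main` continues outside this hunk.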
@@ -49,11 +64,13 @@ func main() {
 }
 resp, err := c.Do(req)
 if err != nil {
- panic(err)
+ fmt.Println("DO FAILED:", err)
+ return
 }
 b, err := ioutil.ReadAll(resp.Body)
 if err != nil {
- panic(err)
+ fmt.Println("READ BODY FAILED:", err)
+ return
 }
 defer resp.Body.Close()
@@ -61,12 +78,41 @@ func main() {
 fmt.Printf("%s\n", bytes.TrimSpace(b))
 }
-func setJWT(r *http.Request, brandID string) {
+func makeClient(timeout time.Duration, ca, cert, key string) *http.Client {
+ transport := &http.Transport{
+ TLSClientConfig: &tls.Config{},
+ }
+ if ca == "" {
+ transport.TLSClientConfig.InsecureSkipVerify = true
+ } else {
+ caBytes, err := ioutil.ReadFile(ca)
+ if err != nil {
+ panic(err)
+ }
+ rootCAs := x509.NewCertPool()
+ rootCAs.AppendCertsFromPEM(caBytes)
+ transport.TLSClientConfig.RootCAs = rootCAs
+ }
+ if cert != "" && key != "" {
+ clientCert, err := tls.LoadX509KeyPair(cert, key)
+ if err != nil {
+ panic(err)
+ }
+ transport.TLSClientConfig.Certificates = []tls.Certificate{clientCert}
+ transport.TLSClientConfig.BuildNameToCertificate()
+ }
+ return &http.Client{
+ Timeout: timeout,
+ Transport: transport,
+ }
+}
+
+func setJWT(r *http.Request, brandID string, issuer string) {
 signer := &jwt.Signer{
 Key: []byte("dnKgzTPNZyEd2Kfop"),
 DefaultClaims: jwt.Claims{
 Audience: "qualtrics",
- Issuer: "dataprocessing,responseengine,fieldset-definitions,qualtrics,objectstore,svs,monolith,ex,blixt,null,responseengine",
+ Issuer: issuer,
 UserID: "breel",
 BrandID: brandID,
 Custom: map[string]interface{}{
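Review bot: In the `@@ -49,11 +64,13 @@` hunk, both failure paths now `return` from `main`, so the process exits with status 0 and the message goes to stdout, where a calling script cannot tell a failed request from a successful one. Writing `fmt.Fprintln(os.Stderr, "DO FAILED:", err)` and ending with `os.Exit(1)` keeps the friendlier output while still signalling failure; `os` is already imported. The `defer resp.Body.Close()` in the context lines sits after `ioutil.ReadAll`, so the read-error path returns without closing the body; moving the defer directly below the `c.Do` error check fixes that. `main` starts and ends outside this hunk.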
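Review bot: In the `@@ -61,12 +78,41 @@` hunk, `makeClient` sets `InsecureSkipVerify = true` whenever `-ca` is empty, so every https request made without that flag accepts any server certificate and the JWT added by `setJWT` is sent to an unauthenticated peer. Leaving `RootCAs` nil makes Go verify against the system trust store; if skipping verification is needed at all, it belongs behind its own explicit flag. The result of `AppendCertsFromPEM` is also ignored and a lone `-cert` or `-key` is silently dropped, so the sketch below checks both. `BuildNameToCertificate` has been deprecated since Go 1.14 and can be removed. `setJWT` continues past the end of the hunk; its signing key is a string literal in the context lines and would be better read from the environment or a file.

```go
func makeClient(timeout time.Duration, ca, cert, key string) *http.Client {
	// … unchanged: transport := &http.Transport{TLSClientConfig: &tls.Config{}} …
	// With no -ca, RootCAs stays nil and Go verifies against the system trust store.
	if ca != "" {
		caBytes, err := ioutil.ReadFile(ca)
		if err != nil {
			panic(err)
		}
		rootCAs := x509.NewCertPool()
		if !rootCAs.AppendCertsFromPEM(caBytes) {
			panic(fmt.Sprintf("no PEM certificates found in %q", ca))
		}
		transport.TLSClientConfig.RootCAs = rootCAs
	}
	// A client certificate needs both halves; reject a partial pair instead of ignoring it.
	if (cert == "") != (key == "") {
		panic("-cert and -key must be given together")
	}
	// … unchanged: tls.LoadX509KeyPair, Certificates assignment, returned http.Client …
```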