diff --git a/rewrite/scripts/package.sh b/rewrite/scripts/package.sh
index a56e511..1b8abdb 100755
--- a/rewrite/scripts/package.sh
+++ b/rewrite/scripts/package.sh
@@ -14,8 +14,10 @@ if [ "$prerequisites" == "--prep" ]; then
     rustup target add x86_64-unknown-linux-musl
     mkdir -p /root/.ssh
+    echo
     echo "docker cp ~/.ssh/config packager:/root/.ssh/config"
     echo "docker cp ~/.ssh/gitea_ed25519 packager:/root/.ssh/gitea_ed25519"
+    echo
     echo "Run above commands in another terminal"
     while true; do
         echo -n "." && sleep 1
diff --git a/rewrite/src/grpc/client.rs b/rewrite/src/grpc/client.rs
index af2ef96..8c0ecc6 100644
--- a/rewrite/src/grpc/client.rs
+++ b/rewrite/src/grpc/client.rs
@@ -120,7 +120,46 @@ impl ConnManager {
 }
 
 pub async fn key_grabber(node_ip: String) -> Result<(Keypair, Pubkey), Box> {
-    let mut client = UpdateClient::connect(format!("http://{node_ip}:31373")).await?;
+    use hyper::Uri;
+    use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
+    use occlum_ratls::{prelude::*, RaTlsConfigBuilder};
+    use tokio_rustls::rustls::ClientConfig;
+
+    println!("Getting key from {node_ip}...");
+
+    let mrsigner_hex = "83E8A0C3ED045D9747ADE06C3BFC70FCA661A4A65FF79A800223621162A88B76";
+    let mrsigner = crate::sgx::mrsigner_from_hex(mrsigner_hex).expect("mrsigner decoding failed");
+    let config = RaTlsConfig::new()
+        .allow_instance_measurement(InstanceMeasurement::new().with_mrsigners(vec![mrsigner]));
+
+    let tls = ClientConfig::from_ratls_config(config)
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("{}", e)))?;
+
+    let mut http = HttpConnector::new();
+    http.enforce_http(false);
+
+    let cloned_node_ip = node_ip.clone();
+
+    let connector = tower::ServiceBuilder::new()
+        .layer_fn(move |s| {
+            let tls = tls.clone();
+
+            hyper_rustls::HttpsConnectorBuilder::new()
+                .with_tls_config(tls)
+                .https_or_http()
+                .enable_http2()
+                .wrap_connector(s)
+        })
+        .map_request(move |_| {
+            Uri::from_str(&format!("https://{cloned_node_ip}:31373")).expect("Could not parse URI")
+        })
+        .service(http);
+
+    let client = hyper_util::client::legacy::Client::builder(TokioExecutor::new()).build(connector);
+
+    let uri = Uri::from_static("https://example.com");
+    let mut client = UpdateClient::with_origin(client, uri);
+
     let response = client.get_keys(tonic::Request::new(Empty {})).await?;
     let response = &response.into_inner();
     let keypair = response.keypair.clone();
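Review bot: The RA-TLS policy built at `let config = RaTlsConfig::new().allow_instance_measurement(...)` pins only the MRSIGNER, so every enclave signed with that key — whatever its MRENCLAVE, SVN or debug status — passes verification, and nothing next to the constant says whether that is the intended trust boundary; add a comment such as `// Trust policy: any enclave signed by this MRSIGNER is accepted; MRENCLAVE/ISV SVN are not pinned` or tighten the policy if the library supports it. Since `map_request` rewrites every destination to `https://{cloned_node_ip}:31373`, the connector can use `.https_only()` instead of `.https_or_http()` so a plaintext connection is never negotiable. The `Uri::from_str` call needs `std::str::FromStr` in scope, which the added `use` lines do not bring in — fine only if the file already imports it above the hunk. The `format!("{}", e)` in `map_err` can be `e.to_string()`. key_grabber's body continues past the end of the hunk.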