diff --git a/ceilometerclient/client.py b/ceilometerclient/client.py
index 620fe54..bffc2bf 100644
--- a/ceilometerclient/client.py
+++ b/ceilometerclient/client.py
@@ -15,6 +15,7 @@ from keystoneclient.auth.identity import v3 as v3_auth
 from keystoneclient import discover
 from keystoneclient import exceptions as ks_exc
 from keystoneclient import session
+from oslo.utils import strutils
 import six.moves.urllib.parse as urlparse
 
 from ceilometerclient.common import utils
@@ -174,7 +175,8 @@ class AuthPlugin(auth.BaseAuthPlugin):
                 'cacert': self.opts.get('cacert'),
                 'cert': self.opts.get('cert'),
                 'key': self.opts.get('key'),
-                'insecure': self.opts.get('insecure'),
+                'insecure': strutils.bool_from_string(
+                    self.opts.get('insecure')),
                 'endpoint_type': self.opts.get('endpoint_type'),
             }
 
diff --git a/ceilometerclient/tests/test_client.py b/ceilometerclient/tests/test_client.py
index b569ff3..a998d93 100644
--- a/ceilometerclient/tests/test_client.py
+++ b/ceilometerclient/tests/test_client.py
@@ -117,7 +117,7 @@ class ClientTest(utils.BaseTestCase):
             'original_ip': None,
             'http': None,
             'region_name': None,
-            'verify': None,
+            'verify': True,
             'timings': None,
             'keyring_saver': None,
             'cert': None,
diff --git a/ceilometerclient/tests/test_shell.py b/ceilometerclient/tests/test_shell.py
index e7c0e98..f121d29 100644
--- a/ceilometerclient/tests/test_shell.py
+++ b/ceilometerclient/tests/test_shell.py
@@ -20,6 +20,7 @@ import six
 from testtools import matchers
 
 from ceilometerclient import exc
+from ceilometerclient.openstack.common.apiclient import client as api_client
 from ceilometerclient import shell as ceilometer_shell
 from ceilometerclient.tests import utils
 from ceilometerclient.v2 import client as v2client
@@ -169,3 +170,38 @@ class ShellTimeoutTest(ShellTestBase):
         expected_msg = ('ceilometer: error: argument --timeout: '
                         '0 must be greater than 0')
         self._test_timeout('0', expected_msg)
+
+
+class ShellInsecureTest(ShellTestBase):
+
+    @mock.patch.object(api_client, 'HTTPClient')
+    def test_insecure_true_ceilometer(self, mocked_client):
+        self.make_env(FAKE_V2_ENV)
+        args = ['--debug', '--os-insecure', 'true', 'alarm-list']
+        self.assertIsNone(ceilometer_shell.main(args))
+        args, kwargs = mocked_client.call_args
+        self.assertEqual(False, kwargs.get('verify'))
+
+    @mock.patch.object(ks_session, 'Session')
+    def test_insecure_true_keystone(self, mocked_session):
+        mocked_session.side_effect = exc.HTTPUnauthorized("FAIL")
+        self.make_env(FAKE_V2_ENV)
+        args = ['--debug', '--os-insecure', 'true', 'alarm-list']
+        self.assertRaises(exc.CommandError, ceilometer_shell.main, args)
+        mocked_session.assert_called_with(verify=False, cert='')
+
+    @mock.patch.object(api_client, 'HTTPClient')
+    def test_insecure_false_ceilometer(self, mocked_client):
+        self.make_env(FAKE_V2_ENV)
+        args = ['--debug', '--os-insecure', 'false', 'alarm-list']
+        self.assertIsNone(ceilometer_shell.main(args))
+        args, kwargs = mocked_client.call_args
+        self.assertEqual(True, kwargs.get('verify'))
+
+    @mock.patch.object(ks_session, 'Session')
+    def test_insecure_false_keystone(self, mocked_session):
+        mocked_session.side_effect = exc.HTTPUnauthorized("FAIL")
+        self.make_env(FAKE_V2_ENV)
+        args = ['--debug', '--os-insecure', 'false', 'alarm-list']
+        self.assertRaises(exc.CommandError, ceilometer_shell.main, args)
+        mocked_session.assert_called_with(verify=True, cert='')
diff --git a/ceilometerclient/v2/client.py b/ceilometerclient/v2/client.py
index 85caf36..88616ba 100644
--- a/ceilometerclient/v2/client.py
+++ b/ceilometerclient/v2/client.py
@@ -15,6 +15,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo.utils import strutils
+
 from ceilometerclient import client as ceiloclient
 from ceilometerclient.openstack.common.apiclient import client
 from ceilometerclient.v2 import alarms
@@ -54,12 +56,15 @@ class Client(object):
             if timeout <= 0:
                 timeout = None
 
+        insecure = strutils.bool_from_string(kwargs.get('insecure'))
+        verify = kwargs.get('verify', not insecure)
+
         self.client = client.HTTPClient(
             auth_plugin=self.auth_plugin,
             region_name=kwargs.get('region_name'),
             endpoint_type=kwargs.get('endpoint_type'),
             original_ip=kwargs.get('original_ip'),
-            verify=kwargs.get('verify'),
+            verify=verify,
             cert=kwargs.get('cacert'),
             timeout=timeout,
             timings=kwargs.get('timings'),