diff --git a/kuryr/common/config.py b/kuryr/common/config.py
index 2e119bf0..b8206081 100644
--- a/kuryr/common/config.py
+++ b/kuryr/common/config.py
@@ -75,6 +75,12 @@ keystone_opts = [
     cfg.StrOpt('admin_token',
                default=os.environ.get('SERVICE_TOKEN'),
                help=_('The admin token.')),
+    cfg.StrOpt('auth_ca_cert',
+               default=os.environ.get('SERVICE_CA_CERT'),
+               help=_('The CA certification file.')),
+    cfg.BoolOpt('auth_insecure',
+                default=False,
+                help=_("Turn off verification of the certificate for ssl")),
 ]
 binding_opts = [
     cfg.StrOpt('veth_dst_prefix',
diff --git a/kuryr/controllers.py b/kuryr/controllers.py
index 1dc01714..d2a5fe1e 100644
--- a/kuryr/controllers.py
+++ b/kuryr/controllers.py
@@ -88,13 +88,16 @@ def get_neutron_client():
     password = keystone_conf.admin_password
     auth_token = keystone_conf.admin_token
     auth_uri = keystone_conf.auth_uri.rstrip('/')
+    ca_cert = keystone_conf.auth_ca_cert
+    insecure = keystone_conf.auth_insecure
 
     neutron_uri = cfg.CONF.neutron_client.neutron_uri
     if username and password:
         # Authenticate with password crentials
         neutron_client = utils.get_neutron_client(
             url=neutron_uri, username=username, tenant_name=tenant_name,
-            password=password, auth_url=auth_uri)
+            password=password, auth_url=auth_uri,
+            ca_cert=ca_cert, insecure=insecure)
     else:
         neutron_client = utils.get_neutron_client_simple(
             url=neutron_uri, auth_url=auth_uri, token=auth_token)
diff --git a/kuryr/utils.py b/kuryr/utils.py
index 3e12d799..266ff6fe 100644
--- a/kuryr/utils.py
+++ b/kuryr/utils.py
@@ -40,11 +40,12 @@ def get_neutron_client_simple(url, auth_url, token):
 
 
 def get_neutron_client(url, username, tenant_name, password,
-                       auth_url, timeout=30):
+                       auth_url, ca_cert, insecure, timeout=30):
 
     return client_v2.Client(endpoint_url=url, timeout=timeout,
-                           username=username, tenant_name=tenant_name,
-                           password=password, auth_url=auth_url)
+                            username=username, tenant_name=tenant_name,
+                            password=password, auth_url=auth_url,
+                            ca_cert=ca_cert, insecure=insecure)
 
 
 # Return all errors as JSON. From http://flask.pocoo.org/snippets/83/