diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample
index 96118eb76ffc..571c3e63a253 100644
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@@ -2282,6 +2282,10 @@
 # value)
 #cinder_http_retries=3
 
+# Allow to perform insecure SSL (https) requests to cinder
+# (boolean value)
+#cinder_api_insecure=false
+
 
 [conductor]
 
@@ -2546,4 +2550,4 @@
 #keymap=en-us
 
 
-# Total option count: 519
+# Total option count: 520
diff --git a/nova/tests/test_cinder.py b/nova/tests/test_cinder.py
index 29e2e978b218..79b5ae66a19e 100644
--- a/nova/tests/test_cinder.py
+++ b/nova/tests/test_cinder.py
@@ -98,13 +98,14 @@ class FakeHTTPClient(cinder.cinder_client.client.HTTPClient):
 class FakeCinderClient(cinder.cinder_client.Client):
 
     def __init__(self, username, password, project_id=None, auth_url=None,
-                 retries=None):
+                 insecure=False, retries=None):
         super(FakeCinderClient, self).__init__(username, password,
                                                project_id=project_id,
                                                auth_url=auth_url,
+                                               insecure=insecure,
                                                retries=retries)
         self.client = FakeHTTPClient(username, password, project_id, auth_url,
-                                     retries=retries)
+                                     insecure=insecure, retries=retries)
         # keep a ref to the clients callstack for factory's assert_called
         self.callstack = self.client.callstack = []
 
@@ -177,6 +178,15 @@ class CinderTestCase(test.TestCase):
         self.assertTrue('volume_image_metadata' in volume)
         self.assertEqual(volume['volume_image_metadata'], _image_metadata)
 
+    def test_cinder_api_insecure(self):
+        # The True/False negation is awkward, but better for the client
+        # to pass us insecure=True and we check verify_cert == False
+        self.flags(cinder_api_insecure=True)
+        volume = self.api.get(self.context, '1234')
+        self.assert_called('GET', '/volumes/1234')
+        self.assertEquals(
+            self.fake_client_factory.client.client.verify_cert, False)
+
     def test_cinder_http_retries(self):
         retries = 42
         self.flags(cinder_http_retries=retries)
diff --git a/nova/volume/cinder.py b/nova/volume/cinder.py
index fccdedac8dd9..3e1ccc66b85f 100644
--- a/nova/volume/cinder.py
+++ b/nova/volume/cinder.py
@@ -48,6 +48,9 @@ cinder_opts = [
     cfg.IntOpt('cinder_http_retries',
                default=3,
                help='Number of cinderclient retries on failed http calls'),
+    cfg.BoolOpt('cinder_api_insecure',
+               default=False,
+               help='Allow to perform insecure SSL requests to cinder'),
 ]
 
 CONF = cfg.CONF
@@ -88,6 +91,7 @@ def cinderclient(context):
                              context.auth_token,
                              project_id=context.project_id,
                              auth_url=url,
+                             insecure=CONF.cinder_api_insecure,
                              retries=CONF.cinder_http_retries)
     # noauth extracts user_id:project_id from auth_token
     c.client.auth_token = context.auth_token or '%s:%s' % (context.user_id,