diff --git a/cloudkittyclient/v1/client.py b/cloudkittyclient/v1/client.py
index d661069..80831ad 100644
--- a/cloudkittyclient/v1/client.py
+++ b/cloudkittyclient/v1/client.py
@@ -25,12 +25,26 @@ from cloudkittyclient.v1 import storage
 
 class Client(object):
 
-    def __init__(self, session=None, adapter_options={}, **kwargs):
+    def __init__(self,
+                 session=None,
+                 adapter_options={},
+                 cacert=None,
+                 insecure=False,
+                 **kwargs):
         adapter_options.setdefault('service_type', 'rating')
 
+        if insecure:
+            verify_cert = False
+        else:
+            if cacert:
+                verify_cert = cacert
+            else:
+                verify_cert = True
+
         self.session = session
         if self.session is None:
-            self.session = ks_session.Session(**kwargs)
+            self.session = ks_session.Session(
+                verify=verify_cert, **kwargs)
 
         self.api_client = adapter.Adapter(
             session=self.session, **adapter_options)
diff --git a/doc/source/usage.rst b/doc/source/usage.rst
index 1579d9b..20f7e9d 100644
--- a/doc/source/usage.rst
+++ b/doc/source/usage.rst
@@ -49,6 +49,16 @@ Else, use it the same way as any other OpenStack client::
                    u'res_type': u'ALL',
                    u'tenant_id': u'bea6a24f77e946b0a92dca7c78b7870b'}]}
 
+.. warning::
+
+   If you want to use SSL with the client as a python library, you need to
+   provide a cert to keystone's session object. Else, two additional options
+   are available if you provide an ``auth`` object to the client: ``insecure``
+   and ``cacert``::
+
+     >>> client = ck_client.Client(
+             '1', auth=auth, insecure=False, cacert='/path/to/ca')
+
 When using the ``cloudkitty`` CLI client with keystone authentication, the
 auth plugin to use should automagically be detected. If not, you can specify
 the auth plugin to use with ``--os-auth-type/--os-auth-plugin``::