diff --git a/fuel_ccp/cleanup.py b/fuel_ccp/cleanup.py
index b730a788..be30e9f9 100644
--- a/fuel_ccp/cleanup.py
+++ b/fuel_ccp/cleanup.py
@@ -32,7 +32,8 @@ def _wait_until_empty(attempts, resource_path,
 
 
 def _get_session(auth_url, username, password, project_name,
-                 project_domain_name='default', user_domain_name='default'):
+                 project_domain_name='default', user_domain_name='default',
+                 verify=True):
     auth = v3.Password(auth_url=auth_url,
                        username=username,
                        password=password,
@@ -40,7 +41,7 @@ def _get_session(auth_url, username, password, project_name,
                        project_domain_name=project_domain_name,
                        user_domain_name=user_domain_name)
 
-    return keystone_session.Session(auth=auth)
+    return keystone_session.Session(auth=auth, verify=verify)
 
 
 def _cleanup_servers(session):
@@ -110,7 +111,7 @@ def _cleanup_images(session):
         glance.images.delete(image.id)
 
 
-def _cleanup_openstack_environment(configs, auth_url=None):
+def _cleanup_openstack_environment(configs, auth_url=None, verify=True):
     if 'project_name' not in configs.get('openstack', {}):
         # Ensure that keystone configs are provided. Assume that it is not an
         # OpenStack deployment otherwise
@@ -124,7 +125,8 @@ def _cleanup_openstack_environment(configs, auth_url=None):
     session = _get_session(
         configs['auth_url'], configs['openstack']['user_name'],
         configs['openstack']['user_password'],
-        configs['openstack']['project_name'])
+        configs['openstack']['project_name'],
+        verify=verify)
 
     try:
         session.get_project_id()
@@ -185,7 +187,7 @@ def _cleanup_kubernetes_objects():
     LOG.info('Kubernetes objects cleanup has been finished successfully.')
 
 
-def cleanup(auth_url=None, skip_os_cleanup=False):
+def cleanup(auth_url=None, skip_os_cleanup=False, verify=True):
     if not skip_os_cleanup:
-        _cleanup_openstack_environment(CONF.configs, auth_url)
+        _cleanup_openstack_environment(CONF.configs, auth_url, verify)
     _cleanup_kubernetes_objects()
diff --git a/fuel_ccp/cli.py b/fuel_ccp/cli.py
index 0db1735b..4e820c7f 100644
--- a/fuel_ccp/cli.py
+++ b/fuel_ccp/cli.py
@@ -138,12 +138,19 @@ class Cleanup(BaseCommand):
         parser.add_argument('--skip-os-cleanup',
                             action='store_true',
                             help='Skip cleanup of OpenStack environment')
+        cert = parser.add_mutually_exclusive_group()
+        cert.add_argument('--insecure',
+                          action='store_true',
+                          help='Skip CA certificate verification')
+        cert.add_argument('--ca-cert',
+                          help='Path to CA certificate file')
         return parser
 
     def take_action(self, parsed_args):
         config.load_component_defaults()
         cleanup.cleanup(auth_url=parsed_args.auth_url,
-                        skip_os_cleanup=parsed_args.skip_os_cleanup)
+                        skip_os_cleanup=parsed_args.skip_os_cleanup,
+                        verify=parsed_args.ca_cert or not parsed_args.insecure)
 
 
 class ShowDep(BaseCommand):
diff --git a/fuel_ccp/tests/test_cli.py b/fuel_ccp/tests/test_cli.py
index aea43cf2..fbcfdd1d 100644
--- a/fuel_ccp/tests/test_cli.py
+++ b/fuel_ccp/tests/test_cli.py
@@ -151,15 +151,28 @@ class TestCleanup(TestParser):
     scenarios = [
         ('empty', {
             'argv': [],
-            'margs': {'auth_url': None, 'skip_os_cleanup': False},
+            'margs': {'auth_url': None, 'skip_os_cleanup': False,
+                      'insecure': False},
         }),
         ('auth_url', {
             'argv': ['--auth-url', 'testurl'],
-            'margs': {'auth_url': 'testurl', 'skip_os_cleanup': False},
+            'margs': {'auth_url': 'testurl', 'skip_os_cleanup': False,
+                      'insecure': False},
         }),
         ('auth_url_cleanup', {
             'argv': ['--auth-url', 'testurl', '--skip-os-cleanup'],
-            'margs': {'auth_url': 'testurl', 'skip_os_cleanup': True},
+            'margs': {'auth_url': 'testurl', 'skip_os_cleanup': True,
+                      'insecure': False},
+        }),
+        ('insecure', {
+            'argv': ['--insecure'],
+            'margs': {'auth_url': None, 'skip_os_cleanup': False,
+                      'insecure': True},
+        }),
+        ('empty', {
+            'argv': ['--ca-cert', '/tmp/ca.crt'],
+            'margs': {'auth_url': None, 'skip_os_cleanup': False,
+                      'insecure': False, 'ca_cert': '/tmp/ca.crt'},
         }),
     ]
 
@@ -169,6 +182,9 @@ class TestCleanup(TestParser):
         fixture = fixtures.MockPatch('fuel_ccp.cleanup.cleanup')
         c_mock = self.useFixture(fixture).mock
         self._run_app()
+        insecure = self.margs.pop('insecure', None)
+        ca_cert = self.margs.pop('ca_cert', None)
+        self.margs['verify'] = ca_cert or not insecure
         c_mock.assert_called_once_with(**self.margs)