diff --git a/deployment_scripts/puppet/modules/nsxv/manifests/init.pp b/deployment_scripts/puppet/modules/nsxv/manifests/init.pp index 1367cac..ddc5825 100644 --- a/deployment_scripts/puppet/modules/nsxv/manifests/init.pp +++ b/deployment_scripts/puppet/modules/nsxv/manifests/init.pp @@ -19,7 +19,7 @@ class nsxv ( $ca_filename = try_get_value($settings['nsxv_ca_file'],'name','') if empty($ca_filename) { - $insecure = true # used in nsx.ini.erb template + $insecure = $settings['nsxv_insecure'] # used in nsx.ini.erb template } else { $insecure = false $ca_certificate_content = $settings['nsxv_ca_file']['content'] diff --git a/deployment_scripts/puppet/modules/nsxv/templates/nsx.ini.erb b/deployment_scripts/puppet/modules/nsxv/templates/nsx.ini.erb index 006e289..50528a1 100644 --- a/deployment_scripts/puppet/modules/nsxv/templates/nsx.ini.erb +++ b/deployment_scripts/puppet/modules/nsxv/templates/nsx.ini.erb @@ -8,7 +8,7 @@ manager_uri = https://<%= settings['nsxv_manager_host'] %> insecure = <%= scope.lookupvar('insecure') %> # (Optional) Specify a CA bundle file to use in verifying the NSXv server certificate. -<% if not scope.lookupvar('insecure') -%> +<% if not (settings['ca_file']).to_s.strip.empty? -%> ca_file = <%= scope.lookupvar('ca_file') %> <% else -%> # ca_file = diff --git a/doc/user/source/configuration.rst b/doc/user/source/configuration.rst index 0d176f9..d70c405 100644 --- a/doc/user/source/configuration.rst +++ b/doc/user/source/configuration.rst 
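Review bot: The `if empty($ca_filename)` branch in init.pp now assigns `$settings['nsxv_insecure']` to `$insecure` with no default or type check, and that value is printed verbatim into the `insecure =` line of nsx.ini. If the key is absent from `$settings` (for instance in an environment created before the checkbox existed, which this hunk does not show), the rendered value would be empty and the result would depend on how the consumer parses it. Reading it with the helper already used in this hunk keeps verification on when the key is missing: `$insecure = try_get_value($settings, 'nsxv_insecure', false)`. The `else` branch still forces `$insecure = false` whenever a CA file name is present, so a comment there such as `# an uploaded CA always wins over the bypass checkbox` would record that precedence. The class body starts and ends outside the hunk.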
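Review bot: The new condition in nsx.ini.erb tests `settings['ca_file']`, but every other key read from the settings hash in this change carries the `nsxv_` prefix (`nsxv_ca_file`, `nsxv_manager_host`, `nsxv_insecure`), and the line it guards prints `scope.lookupvar('ca_file')`. If the hash has no `ca_file` key, `.to_s.strip.empty?` is always true and the `ca_file =` line is never written, so an uploaded CA would be ignored and verification would fall back to the system bundle. Testing the value that is actually emitted removes the mismatch: `<% if not scope.lookupvar('ca_file').to_s.strip.empty? -%>`. Where `ca_file` is set in scope is outside the hunk, so confirm what `lookupvar` returns for an unset variable on the Puppet version in use before relying on the empty-string test.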
@@ -31,9 +31,20 @@ Plugin contains the following settings:
 #. NSX Manager password.
+#. Bypass NSX Manager certificate verification -- if enabled then HTTPS
+ connection will not be verified. Otherwise two options are available:
+
+ * setting "CA certificate file" appear below making it possible to upload CA
+ certificate that issued NSX Manager certificate.
+
+ * no CA certificate provided, then NSX Manager certificate will be verified
+ against CA certificate bundle that comes by default within OpenStack
+ controller node operating system.
+
 #. CA certificate file -- file in PEM format that contains bundle of CA
- certificates which will be used by Neutron during HTTPS connection to NSX
- Manager. If no file is present, then HTTPS connection will not be verified.
+ certificates which will be used by the plugin during NSX Manager certificate
+ verification. If no file is present, then HTTPS connection will not be
+ verified.
 #. Datacenter MoRef ID -- ID of Datacenter where NSX Edge nodes will be
 deployed.
diff --git a/environment_config.yaml b/environment_config.yaml
index 5bcc7b0..95da68a 100644
--- a/environment_config.yaml
+++ b/environment_config.yaml
@@ -32,12 +32,21 @@ attributes:
 regex:
 source: '^.+$'
 error: 'You must specify the password'
+ nsxv_insecure:
+ value: true
+ label: "Bypass NSX Manager certificate verification"
+ description: ''
+ weight: 22
+ type: 'checkbox'
 nsxv_ca_file:
 value: ''
 label: 'CA certificate file'
- description: 'Specify a CA certificate file to use in NSX Manager certificate verification, if empty - certificate will not be verified'
+ description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
 weight: 25
 type: 'file'
+ restrictions:
+ - condition: "settings:nsxv.nsxv_insecure.value == true"
+ action: "hide"
 nsxv_datacenter_moid:
 value: ''
 label: 'Datacenter MoRef ID'
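Review bot: In environment_config.yaml the new `nsxv_insecure` attribute ships with `value: true` and `description: ''`, so a fresh environment skips NSX Manager certificate verification unless the operator unticks the box, and the UI does not say what that means. With verification off, the NSX Manager user name and password configured just above travel over a TLS session whose peer is not authenticated. Prefer `value: false`; if the old default has to stay for compatibility, at least fill in the text, e.g. `description: 'Disables verification of the NSX Manager certificate; use only for testing'`. The `hide` restriction on `nsxv_ca_file` also leaves open whether a previously uploaded file is cleared when the checkbox is ticked; if it is kept, the `else` branch in init.pp would still set `insecure = false` while the UI shows bypass enabled.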