diff --git a/devstack/lib/vmware_dvs b/devstack/lib/vmware_dvs
index cefe64467f..7dae2edd46 100644
--- a/devstack/lib/vmware_dvs
+++ b/devstack/lib/vmware_dvs
@@ -85,6 +85,8 @@ function neutron_plugin_configure_service {
 iniset /$Q_PLUGIN_CONF_FILE dvs host_ip "$VMWAREAPI_IP"
 iniset /$Q_PLUGIN_CONF_FILE dvs host_username "$VMWAREAPI_USER"
 iniset /$Q_PLUGIN_CONF_FILE dvs host_password "$VMWAREAPI_PASSWORD"
+ iniset /$Q_PLUGIN_CONF_FILE dvs ca_file "$VMWAREAPI_CA_FILE"
+ iniset /$Q_PLUGIN_CONF_FILE dvs insecure "$VMWAREAPI_INSECURE"
 iniset /$Q_PLUGIN_CONF_FILE dvs dvs_name "$VMWARE_DVS_NAME"
 }
diff --git a/vmware_nsx/neutron/plugins/vmware/dvs/dvs_utils.py b/vmware_nsx/neutron/plugins/vmware/dvs/dvs_utils.py
index 0e6b0a8009..e914c4dd68 100644
--- a/vmware_nsx/neutron/plugins/vmware/dvs/dvs_utils.py
+++ b/vmware_nsx/neutron/plugins/vmware/dvs/dvs_utils.py
@@ -29,6 +29,15 @@ dvs_opts = [
 cfg.FloatOpt('task_poll_interval',
 default=0.5,
 help='The interval used for polling of remote tasks.'),
+ cfg.StrOpt('ca_file',
+ help='Specify a CA bundle file to use in verifying the '
+ 'vCenter server certificate.'),
+ cfg.BoolOpt('insecure',
+ default=False,
+ help='If true, the vCenter server certificate is not '
+ 'verified. If false, then the default CA truststore is '
+ 'used for verification. This option is ignored if '
+ '"ca_file" is set.'),
 cfg.IntOpt('api_retry_count',
 default=10,
 help='The number of times we retry on failures, e.g., '
@@ -53,7 +62,9 @@ def dvs_create_session():
 CONF.dvs.host_password,
 CONF.dvs.api_retry_count,
 CONF.dvs.task_poll_interval,
- port=CONF.dvs.host_port)
+ port=CONF.dvs.host_port,
+ cacert=CONF.dvs.ca_file,
+ insecure=CONF.dvs.insecure)
 def dvs_name_get():
diff --git a/vmware_nsx/neutron/tests/unit/vmware/test_dvs_utils.py b/vmware_nsx/neutron/tests/unit/vmware/test_dvs_utils.py
index 5605be3433..974c5ab124 100644
--- a/vmware_nsx/neutron/tests/unit/vmware/test_dvs_utils.py
+++ b/vmware_nsx/neutron/tests/unit/vmware/test_dvs_utils.py
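Review bot: In `neutron_plugin_configure_service` (devstack/lib/vmware_dvs) the two added `iniset` calls write `ca_file` and `insecure` even when `VMWAREAPI_CA_FILE` or `VMWAREAPI_INSECURE` is unset, which would leave empty `ca_file =` and `insecure =` entries in the plugin config. No default for either variable is visible in this hunk; if none is defined elsewhere, an empty `insecure` value may fail boolean parsing, and the TLS behaviour should not depend on how an empty value happens to be read. I would give the boolean an explicit secure default, `iniset /$Q_PLUGIN_CONF_FILE dvs insecure "${VMWAREAPI_INSECURE:-False}"`, and write `ca_file` only when it is set, `[[ -n "$VMWAREAPI_CA_FILE" ]] && iniset /$Q_PLUGIN_CONF_FILE dvs ca_file "$VMWAREAPI_CA_FILE"`. The function starts above the hunk.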
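Review bot: The help text for `insecure` in `dvs_opts` (dvs_utils.py) does not say what turning verification off exposes: the session is opened with `host_username` and `host_password`, so with `insecure = True` those credentials are sent to an endpoint whose identity is never checked. I would append a sentence to the help such as `'Disabling verification exposes the vCenter credentials to interception; use it in test environments only.'`. If sessions were created without certificate verification before this change (not visible here), `default=False` alters behaviour on upgrade and deserves a release note. The `dvs_opts` list starts and ends outside the hunk.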
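Review bot: `dvs_create_session()` forwards `insecure=CONF.dvs.insecure` silently, so a deployment running with vCenter certificate verification disabled leaves no trace in the service log. A warning emitted before the session is built would make that state auditable, for example `if CONF.dvs.insecure and not CONF.dvs.ca_file:` followed by `LOG.warning('vCenter certificate verification is disabled (dvs.insecure=True)')`. Whether the module already defines `LOG` is not visible in this hunk, and the start of the function lies outside it.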
@@ -35,6 +35,8 @@ class DvsUtilsTestCase(base.BaseTestCase):
 group='dvs')
 cfg.CONF.set_override('dvs_name', 'fake_dvs', group='dvs')
 cfg.CONF.set_override('host_port', '443', group='dvs')
+ cfg.CONF.set_override('ca_file', 'cacert', group='dvs')
+ cfg.CONF.set_override('insecure', False, group='dvs')
 def test_dvs_set(self):
 self._dvs_fake_cfg_set()
@@ -49,7 +51,9 @@ class DvsUtilsTestCase(base.BaseTestCase):
 cfg.CONF.dvs.host_password,
 cfg.CONF.dvs.api_retry_count,
 cfg.CONF.dvs.task_poll_interval,
- port=cfg.CONF.dvs.host_port)
+ port=cfg.CONF.dvs.host_port,
+ cacert=cfg.CONF.dvs.ca_file,
+ insecure=cfg.CONF.dvs.insecure)
 def test_dvs_name_get(self):
 cfg.CONF.set_override('dvs_name', 'fake-dvs', group='dvs')
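Review bot: The test changes in test_dvs_utils.py cover only the case where `ca_file` is set together with `insecure=False` and assert that both values are forwarded; nothing pins the secure defaults of the new options. A small additional test that reads the options without overrides, `self.assertIsNone(cfg.CONF.dvs.ca_file)` and `self.assertFalse(cfg.CONF.dvs.insecure)`, would catch a later change that flips the `insecure` default. Both hunks cut through methods whose beginnings are outside the view.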