diff --git a/cinder/common/config.py b/cinder/common/config.py
index 3b0cf937331..0327712b426 100644
--- a/cinder/common/config.py
+++ b/cinder/common/config.py
@@ -100,6 +100,9 @@ global_opts = [
                      'can improve data throughput, such as when high '
                      'network bandwidth is available and you use '
                      'compressed image formats like qcow2.'),
+    cfg.StrOpt('glance_ca_certificates_file',
+               help='Location of ca certificates file to use for glance '
+                    'client requests.'),
     cfg.IntOpt('glance_request_timeout',
                default=None,
                help='http/https timeout value for glance operations. If no '
diff --git a/cinder/image/glance.py b/cinder/image/glance.py
index d91582ec466..16340d5084a 100644
--- a/cinder/image/glance.py
+++ b/cinder/image/glance.py
@@ -84,6 +84,7 @@ def _create_glance_client(context, netloc, use_ssl,
         # https specific params
         params['insecure'] = CONF.glance_api_insecure
         params['ssl_compression'] = CONF.glance_api_ssl_compression
+        params['cacert'] = CONF.glance_ca_certificates_file
     else:
         scheme = 'http'
     if CONF.auth_strategy == 'keystone':
diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 49417526f1f..8457febea27 100644
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -524,6 +524,10 @@
 # value)
 #glance_api_ssl_compression=false
 
+# Location of ca certificates file to use for glance client
+# requests. (string value)
+#glance_ca_certificates_file=<None>
+
 # http/https timeout value for glance operations. If no value
 # (None) is supplied here, the glanceclient default value is
 # used. (integer value)