diff --git a/zun/container/docker/driver.py b/zun/container/docker/driver.py
index af3f8fea7..458e9d74a 100644
--- a/zun/container/docker/driver.py
+++ b/zun/container/docker/driver.py
@@ -917,12 +917,16 @@ class DockerDriver(driver.BaseDriver, driver.ContainerDriver,

 @check_container_id
 def get_websocket_url(self, context, container):
+ protocol = "wss" if (not CONF.docker.api_insecure and
+ CONF.docker.ca_file and
+ CONF.docker.key_file and
+ CONF.docker.cert_file) else "ws"
 version = CONF.docker.docker_remote_api_version
 remote_api_host = CONF.docker.docker_remote_api_host
 remote_api_port = CONF.docker.docker_remote_api_port
- url = "ws://" + remote_api_host + ":" + remote_api_port + \
- "/v" + version + "/containers/" + container.container_id \
- + ATTACH_FLAG
+ url = protocol + "://" + remote_api_host + ":" + remote_api_port \
+ + "/v" + version + "/containers/" + container.container_id \
+ + ATTACH_FLAG
 return url

 @check_container_id
diff --git a/zun/container/docker/utils.py b/zun/container/docker/utils.py
index cac401fe7..b80a8580f 100644
--- a/zun/container/docker/utils.py
+++ b/zun/container/docker/utils.py
@@ -60,8 +60,7 @@ class DockerHTTPClient(docker.APIClient):
 if ca_cert and client_key and client_cert:
 ssl_config = docker.tls.TLSConfig(
 client_cert=(client_cert, client_key),
- verify=ca_cert,
- assert_hostname=False,
+ verify=ca_cert
 )
 else:
 ssl_config = False
diff --git a/zun/websocket/websocketclient.py b/zun/websocket/websocketclient.py
index 688846cdc..f3e094ad3 100644
--- a/zun/websocket/websocketclient.py
+++ b/zun/websocket/websocketclient.py
@@ -13,9 +13,14 @@
 # under the License.

 import socket
+import ssl
 import websocket

 from zun.common import exception
+import zun.conf
+
+
+CONF = zun.conf.CONF


 class WebSocketClient(object):
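Review bot: In get_websocket_url the scheme silently falls back to `ws` whenever any one of ca_file, key_file or cert_file is unset, so a partly configured TLS setup with api_insecure left off yields a cleartext attach URL with no signal to the operator. The same three-file test appears again in the DockerHTTPClient hunk (which, in the lines shown, does not consult api_insecure), and websocketclient.py reads the same options a third time, so the three places can drift apart; a shared helper would keep them aligned. At minimum I would log the downgrade, e.g. `if protocol == "ws" and not CONF.docker.api_insecure: LOG.warning("Docker TLS options incomplete; attach websocket will not use TLS")`, assuming the module already has a logger. The enclosing class starts outside the hunk.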
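Review bot: Dropping `assert_hostname=False` turns hostname verification on for the Docker API client, which is the right default, but nothing in the hunk tells operators that docker_remote_api_host must now match a name (or IP SAN) in the daemon certificate. Existing deployments whose certificates were issued for a different name would presumably start failing at connect time after upgrade. I would add a comment above the TLSConfig call such as `# Hostname is verified: docker_remote_api_host must match the daemon certificate's subjectAltName.` and mention the change in the release notes. The enclosing method starts outside the hunk.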
@@ -29,8 +34,17 @@ class WebSocketClient(object):

 def connect(self):
 url = self.host_url
+ sslopt = None
+ if url.startswith('wss'):
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ ssl_context.load_verify_locations(CONF.docker.ca_file)
+ ssl_context.load_cert_chain(CONF.docker.cert_file,
+ CONF.docker.key_file)
+ sslopt = {'context': ssl_context}
+
 try:
 self.ws = websocket.create_connection(url,
+ sslopt=sslopt,
 skip_utf8_validation=True)
 except socket.error as e:
 raise exception.ConnectionFailed(e)
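Review bot: The SSL context in connect() is built before the `try:`, so a missing or unreadable ca_file, cert_file or key_file raises OSError or ssl.SSLError from `load_verify_locations`/`load_cert_chain` that is never converted to ConnectionFailed, and an unset option (None) raises TypeError. host_url is presumably supplied by the caller, so a `wss` URL could arrive in a process whose own CONF.docker files are not set. Opening the `try:` before `if url.startswith('wss'):` would cover the file errors, and an explicit check that all three options are set, raising ConnectionFailed with a clear message, would cover the unset case. The prefix test would also be tighter as `url.startswith('wss://')`. connect() may continue past the end of the hunk.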