diff --git a/cmd/cashier/config.go b/cmd/cashier/config.go
index b6e583a5b9c0bab29b11c237253b2e364a78963d..1196cbdb73e59900f111d3c10640ba9b07f0141e 100644
--- a/cmd/cashier/config.go
+++ b/cmd/cashier/config.go
@@ -5,10 +5,11 @@ import (
 )
 
 type config struct {
-	CA       string `mapstructure:"ca"`
-	Keytype  string `mapstructure:"key_type"`
-	Keysize  int    `mapstructure:"key_size"`
-	Validity string `mapstructure:"validity"`
+	CA                     string `mapstructure:"ca"`
+	Keytype                string `mapstructure:"key_type"`
+	Keysize                int    `mapstructure:"key_size"`
+	Validity               string `mapstructure:"validity"`
+	ValidateTLSCertificate bool   `mapstructure:"validate_tls_certificate"`
 }
 
 func setDefaults() {
@@ -16,6 +17,7 @@ func setDefaults() {
 	viper.SetDefault("key_type", "rsa")
 	viper.SetDefault("key_size", 2048)
 	viper.SetDefault("validity", "24h")
+	viper.SetDefault("validateTLSCertificate", true)
 }
 
 func readConfig(path string) (*config, error) {
diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 2bac63a7ca3d418d43aa4e2f58147c3a06c75aef..564664c05af976b18fa61e0ea0023c3db1170b73 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -37,7 +38,11 @@ func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
 	return nil
 }
 
-func send(s []byte, token, ca string) (*lib.SignResponse, error) {
+func send(s []byte, token, ca string, ValidateTLSCertificate bool) (*lib.SignResponse, error) {
+	transport := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: !ValidateTLSCertificate},
+	}
+	client := &http.Client{Transport: transport}
 	req, err := http.NewRequest("POST", ca+"/sign", bytes.NewReader(s))
 	if err != nil {
 		return nil, err
@@ -45,7 +50,6 @@ func send(s []byte, token, ca string) (*lib.SignResponse, error) {
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Add("Accept", "application/json")
 	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, err
@@ -79,7 +83,7 @@ func sign(pub ssh.PublicKey, token string, conf *config) (*ssh.Certificate, erro
 	if err != nil {
 		return nil, err
 	}
-	resp, err := send(s, token, conf.CA)
+	resp, err := send(s, token, conf.CA, conf.ValidateTLSCertificate)
 	if err != nil {
 		return nil, err
 	}