diff --git a/clientbase/common.go b/clientbase/common.go
index 11cd3de9..e809c327 100644
--- a/clientbase/common.go
+++ b/clientbase/common.go
@@ -2,6 +2,8 @@ package clientbase
 
 import (
 	"bytes"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -32,6 +34,7 @@ type ClientOpts struct {
 	SecretKey  string
 	Timeout    time.Duration
 	HTTPClient *http.Client
+	CACerts    string
 }
 
 type APIError struct {
@@ -147,6 +150,20 @@ func NewAPIClient(opts *ClientOpts) (APIBaseClient, error) {
 
 	client.Timeout = opts.Timeout
 
+	if opts.CACerts != "" {
+		roots := x509.NewCertPool()
+		ok := roots.AppendCertsFromPEM([]byte(opts.CACerts))
+		if !ok {
+			return result, err
+		}
+		tr := &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: roots,
+			},
+		}
+		client.Transport = tr
+	}
+
 	req, err := http.NewRequest("GET", opts.URL, nil)
 	if err != nil {
 		return result, err