diff --git a/vsphere/cloud.conf b/vsphere/cloud.conf
index 3a5fe46..8edae5b 100644
--- a/vsphere/cloud.conf
+++ b/vsphere/cloud.conf
@@ -2,7 +2,7 @@
 user="${ vsphere_user }"
 password="${ vsphere_password }"
 server="${ vsphere_server }"
-insecure-flag="1"
+insecure-flag="${ allow_unverified_ssl }"
 datacenter="${ vsphere_datacenter }"
 datastore="${ vsphere_datastore }"
 working-dir="${ vsphere_vm_folder }"
diff --git a/vsphere/input.tf b/vsphere/input.tf
index bb00e86..df93225 100644
--- a/vsphere/input.tf
+++ b/vsphere/input.tf
@@ -13,6 +13,10 @@ variable "vsphere_server" {}
 variable "vsphere_user" {}
 variable "vsphere_password" {}
 
+variable "allow_unverified_ssl" {
+  default = false
+}
+
 # AWS Auth Settings for the Load Balancer & Elastic IP
 # This should be the account linked to the VMC SDDC.
 variable "vsphere_aws_access_key_id" {}
diff --git a/vsphere/vsphere.tf b/vsphere/vsphere.tf
index 1e1b57d..33a4358 100644
--- a/vsphere/vsphere.tf
+++ b/vsphere/vsphere.tf
@@ -13,7 +13,7 @@ provider "vsphere" {
   user           = "${var.vsphere_user}"
   password       = "${var.vsphere_password}"
 
-  allow_unverified_ssl = true
+  allow_unverified_ssl = "${var.allow_unverified_ssl}"
 }
 
 # Enable the GZIP Provider
@@ -25,11 +25,12 @@ data "template_file" "cloud_conf" {
   template = "${file( "${ path.module}/cloud.conf" )}"
 
   vars {
-    vsphere_user       = "${var.vsphere_user}"
-    vsphere_server     = "${var.vsphere_server}"
-    vsphere_password   = "${var.vsphere_password}"
-    vsphere_datacenter = "${var.datacenter}"
-    vsphere_datastore  = "${var.datastore_name}"
-    vsphere_vm_folder  = "${var.vm_folder}"
+    vsphere_user         = "${var.vsphere_user}"
+    vsphere_server       = "${var.vsphere_server}"
+    vsphere_password     = "${var.vsphere_password}"
+    vsphere_datacenter   = "${var.datacenter}"
+    vsphere_datastore    = "${var.datastore_name}"
+    vsphere_vm_folder    = "${var.vm_folder}"
+    allow_unverified_ssl = "${var.allow_unverified_ssl ? 1 : 0}"
   }
 }