diff --git a/builtin/providers/vsphere/config.go b/builtin/providers/vsphere/config.go
index 1f6af7ffd6e9..f483f5c88691 100644
--- a/builtin/providers/vsphere/config.go
+++ b/builtin/providers/vsphere/config.go
@@ -9,14 +9,11 @@ import (
 	"golang.org/x/net/context"
 )
 
-const (
-	defaultInsecureFlag = true
-)
-
 type Config struct {
 	User          string
 	Password      string
 	VCenterServer string
+	InsecureFlag  bool
 }
 
 // Client() returns a new client for accessing VMWare vSphere.
@@ -28,7 +25,7 @@ func (c *Config) Client() (*govmomi.Client, error) {
 
 	u.User = url.UserPassword(c.User, c.Password)
 
-	client, err := govmomi.NewClient(context.TODO(), u, defaultInsecureFlag)
+	client, err := govmomi.NewClient(context.TODO(), u, c.InsecureFlag)
 	if err != nil {
 		return nil, fmt.Errorf("Error setting up client: %s", err)
 	}
diff --git a/builtin/providers/vsphere/provider.go b/builtin/providers/vsphere/provider.go
index 4dce81a9d6a3..d29a611ee242 100644
--- a/builtin/providers/vsphere/provider.go
+++ b/builtin/providers/vsphere/provider.go
@@ -29,6 +29,13 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_VCENTER", nil),
 				Description: "The vCenter Server name for vSphere API operations.",
 			},
+
+			"insecure": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("VSPHERE_INSECURE", false),
+				Description: "Explicitly allow the provider to perform 'insecure' SSL requests.",
+			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
@@ -44,6 +51,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 		User:          d.Get("user").(string),
 		Password:      d.Get("password").(string),
 		VCenterServer: d.Get("vcenter_server").(string),
+		InsecureFlag:  d.Get("insecure").(bool),
 	}
 
 	return config.Client()
diff --git a/website/source/docs/providers/vsphere/index.html.markdown b/website/source/docs/providers/vsphere/index.html.markdown
index 9a6880a413bb..f79244217bc5 100644
--- a/website/source/docs/providers/vsphere/index.html.markdown
+++ b/website/source/docs/providers/vsphere/index.html.markdown
@@ -57,6 +57,8 @@ The following arguments are used to configure the VMware vSphere Provider:
 * `vcenter_server` - (Required) This is the vCenter server name for vSphere API
   operations. Can also be specified with the `VSPHERE_VCENTER` environment
   variable.
+* `insecure` - (Optional) Explicitly allow the provider to perform "insecure"
+  SSL requests. If omitted, default value is `false`.
 
 ## Acceptance Tests