diff --git a/README.md b/README.md
index 57e9e19..965a2c7 100644
--- a/README.md
+++ b/README.md
@@ -4,4 +4,24 @@ FlowFuse driver to create projects as docker containers
 ## Configuration
+## Configuration
+
+In the `flowforge.yml` file
+
+```yaml
+...
+driver:
+ type: docker
+ options:
+ socket: /var/run/docker.sock
+ registry: containers.flowforge.com
+ privateCA: /full/path/to/chain.pem
+```
+
+ - `registry` is the Docker Registry to load Stack Containers from (default: Docker Hub)
+ - `socket` is the path to the docker unix domain socket (default: /var/run/docker.sock)
+ - privateCA: is the fully qualified path to a pem file containing trusted CA cert chain (default: not set)
+
+### Configuration via environment variables
+
 - `DOCKER_SOCKET` - Path to docker unix domain socket
diff --git a/docker.js b/docker.js
index 5db0a34..3273130 100644
--- a/docker.js
+++ b/docker.js
@@ -1,3 +1,4 @@
+const fs = require('fs')
 const got = require('got')
 const Docker = require('dockerode')
@@ -85,6 +86,13 @@ const createContainer = async (project, domain) => {
 contOptions.Env.push(`FORGE_NR_SECRET=${credentialSecret}`)
 }
+ if (this._app.config.driver.options.privateCA && fs.existsSync(this._app.config.driver.options.privateCA)) {
+ contOptions.Binds = [
+ `${this._app.config.driver.options.privateCA}:/usr/local/ssl-certs/chain.pem`
+ ]
+ contOptions.Env.push('NODE_EXTRA_CA_CERTS=/usr/local/ssl-certs/chain.pem')
+ }
+
 const container = await this._docker.createContainer(contOptions)
 return container.start()
 .then(async () => {
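Review bot: The CA chain in the second docker.js hunk is bind-mounted without a mode, which Docker treats as read-write, so code running inside one project container could alter the host's `privateCA` file and change what every other project trusts; the entry in `contOptions.Binds` should end in `:ro`, i.e. `${this._app.config.driver.options.privateCA}:/usr/local/ssl-certs/chain.pem:ro`. The `fs.existsSync` guard checks the path as the driver process sees it, while the Docker daemon resolves the bind source on its own host, so the two can disagree when the driver itself runs in a container; when the check fails the project also starts without the CA and nothing is logged, which deserves a warning. It is also worth confirming that a top-level `Binds` (rather than `HostConfig.Binds`) is honoured by the Docker API version in use, and that assigning a fresh array does not discard binds set earlier in the function. `createContainer` begins before and continues past this hunk, so the rest of `contOptions` is not visible here.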