diff --git a/registry.py b/registry.py
index dbc82d1..b4109b3 100755
--- a/registry.py
+++ b/registry.py
@@ -57,7 +57,15 @@
 class Requests:
 
     def request(self, method, url, **kwargs):
-        return requests.request(method, url, **kwargs)
+        s = requests.Session()
+
+        if args.cert and args.key:
+            s.cert = (args.cert.name, args.key.name)
+
+        if args.cacert:
+            s.verify = args.cacert.name
+
+        return s.request(method, url, **kwargs)
 
     def bearer_request(self, method, url, auth, **kwargs):
         global DEBUG
@@ -513,6 +521,30 @@ def parse_args(args=None):
         default=False,
         const=True)
 
+    parser.add_argument(
+        '--cacert',
+        help='Use this CA certificate to validate the registrys certificate',
+        action='store',
+        type=argparse.FileType('r'),
+        default=False,
+        metavar="CERT")
+
+    parser.add_argument(
+        '--cert',
+        help='Use this client certificate to connect to registry',
+        action='store',
+        default=False,
+        type=argparse.FileType('r'),
+        metavar="CERT")
+
+    parser.add_argument(
+        '--key',
+        help='Use this client certificate key to connect to registry',
+        action='store',
+        default=False,
+        type=argparse.FileType('r'),
+        metavar="KEY")
+
     parser.add_argument(
         '--delete-all',
         help="Will delete all tags. Be careful with this!",
@@ -740,6 +772,10 @@ def main_loop(args):
 
     keep_last_versions = int(args.num)
 
+    if bool(args.cert) != bool(args.key):
+        print("Can't use only one of --cert and --key!")
+        sys.exit(1)
+
     if args.no_validate_ssl:
         requests.packages.urllib3.disable_warnings(InsecureRequestWarning)