diff --git a/src/config_passport.js b/src/config_passport.js
index 761ef5a45a273e9f59694d05a2e696a459124100..3113a03d082c79afe17dbc8236cd88d059b4af5c 100644
--- a/src/config_passport.js
+++ b/src/config_passport.js
@@ -45,7 +45,7 @@ passport.use(new LdapStrategy({
         searchBase: ldapConfig.dn.user, // this field cannot be left empty.
         searchFilter: '(uid={{username}})', // this field cannot be left empty.
         searchAttributes: ['uid', 'urlPhoto'], // only fetch the uid, no need for any other field
-        //tlsOptions: '..........',
+        tlsOptions: ldapConfig.tlsOptions,
         //https://www.npmjs.com/package/passport-ldapauth for more
     },
     //usernameField: 'username', // Field name where the username is found, defaults to username
diff --git a/src/ldap/internal/basics.ts b/src/ldap/internal/basics.ts
index 96824ac4e64d07b21490bfd4fa84aad7dd4d1470..5f7b8c0d2139cfa179f0a0ffbf5149cc36a66341 100644
--- a/src/ldap/internal/basics.ts
+++ b/src/ldap/internal/basics.ts
@@ -14,7 +14,7 @@ import ldapEscape from 'ldap-escape';
 import {ldapConfig, credentialsLdapConfig} from './config';
 
 // Connection au serveur LDAP avec des temps de timeout arbitraires
-var client = ldap.createClient({ url: ldapConfig.server});
+var client = ldap.createClient({ url: ldapConfig.server, tlsOptions: ldapConfig.tlsOptions });
 
 // Interface pratique pour que Typescript comprenne ce qu'est un dictionnaire simple
 interface dic {
diff --git a/src/ldap/internal/config.ts b/src/ldap/internal/config.ts
index 3b00495644370c4c05267190703c4a55afb2af8d..0d983cb216e0663ea7f758a3460381509ffc2544 100644
--- a/src/ldap/internal/config.ts
+++ b/src/ldap/internal/config.ts
@@ -31,6 +31,15 @@ else {
     else                                        ldapConfig.server = ldapConfig.server_dev;
 }
 
+//Get certification authorities
+let ca = []
+if(process.env.CA !== undefined) {
+    for(let file of process.env.CA.split(' ')) {
+        ca.push(fs.readFileSync(file));
+    }
+}
+ldapConfig.tlsOptions = { ca: ca };
+
 // Gestion des super-identifiants
 let path_credentials = path.resolve(__dirname, '..', '..', '..', 'ldap_credentials.json');
 console.log(colors.green("Loading LDAP credentials from "+path_credentials));