diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java
index 8a4df5bbc3f..f00ab2d6c5d 100755
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@@ -187,6 +187,8 @@ public class ApiConstants {
 public static final String TIMEOUT = "timeout";
 public static final String TIMEZONE = "timezone";
 public static final String TYPE = "type";
+ public static final String TRUST_STORE = "truststore";
+ public static final String TRUST_STORE_PASSWORD = "truststorepass";
 public static final String URL = "url";
 public static final String USAGE_INTERFACE = "usageinterface";
 public static final String USER_DATA = "userdata";
@@ -338,7 +340,7 @@ public class ApiConstants {
 }
 public enum LDAPParams {
- hostname, port, usessl, queryfilter, searchbase, dn, passwd;
+ hostname, port, usessl, queryfilter, searchbase, dn, passwd, truststore, truststorepass;
 @Override
 public String toString(){
diff --git a/api/src/com/cloud/api/commands/LDAPConfigCmd.java b/api/src/com/cloud/api/commands/LDAPConfigCmd.java
index 620b6d4da67..a79734b5e27 100644
--- a/api/src/com/cloud/api/commands/LDAPConfigCmd.java
+++ b/api/src/com/cloud/api/commands/LDAPConfigCmd.java
@@ -65,6 +65,11 @@ public class LDAPConfigCmd extends BaseCmd {
 @Parameter(name=ApiConstants.BIND_PASSWORD, type=CommandType.STRING, description="Enter the password.")
 private String bindPassword;
+ @Parameter(name=ApiConstants.TRUST_STORE, type=CommandType.STRING, description="Enter the path to trust certificates store.")
+ private String trustStore;
+
+ @Parameter(name=ApiConstants.TRUST_STORE_PASSWORD, type=CommandType.STRING, description="Enter the password for trust store.")
+ private String trustStorePassword;
 /////////////////////////////////////////////////////
 /////////////////// Accessors ///////////////////////
@@ -98,6 +103,16 @@ public class LDAPConfigCmd extends BaseCmd {
 return port <= 0 ? 389 : port;
 }
+ public String getTrustStore() {
+ return trustStore;
+ }
+
+
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
+
 /////////////////////////////////////////////////////
 /////////////// API Implementation///////////////////
 /////////////////////////////////////////////////////
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index e537aade555..25557067f0f 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1244,14 +1244,13 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 Boolean useSSL = cmd.getUseSSL();
 String bindDN = cmd.getBindDN();
 String bindPasswd = cmd.getBindPassword();
+ String trustStore = cmd.getTrustStore();
+ String trustStorePassword = cmd.getTrustStorePassword();
 if (bindDN != null && bindPasswd == null) {
 throw new InvalidParameterValueException("If you specify a bind name then you need to provide bind password too.");
 }
-
- // System.setProperty("javax.net.ssl.keyStore", "/cygdrive/c/citrix/info/cacerts.jks");
- // System.setProperty("javax.net.ssl.keyStorePassword", "1111_aaaa");
-
+
 // check if the info is correct
 Hashtable env = new Hashtable(11);
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
@@ -1259,9 +1258,15 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 if (new Boolean(useSSL)) {
 env.put(Context.SECURITY_PROTOCOL, "ssl");
 protocol = "ldaps://";
+ if (trustStore == null || trustStorePassword==null ){
+ throw new InvalidParameterValueException("If you plan to use SSL then you need to configure the trust store.");
+ }
+ System.setProperty("javax.net.ssl.trustStore", trustStore);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
 }
 env.put(Context.PROVIDER_URL, protocol + hostname + ":" + port);
 if (bindDN != null && bindPasswd != null) {
+ env.put(Context.SECURITY_AUTHENTICATION, "simple");
 env.put(Context.SECURITY_PRINCIPAL, bindDN);
 env.put(Context.SECURITY_CREDENTIALS, bindPasswd);
 }
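Review bot: The two `System.setProperty("javax.net.ssl.trustStore" ...)` calls in the SSL branch change process-wide JVM state instead of configuring this one LDAP connection: every other TLS client in the management server now validates against this store, and because the JDK's default SSLContext reads these properties only when it is first created, on a server that has already opened a TLS connection the new store may in practice never take effect here at all. The same pattern is repeated in LDAPUserAuthenticator's SSL branch (the last hunk of this diff), which runs on every login; the enclosing method here starts and ends outside this hunk. The trust store password also becomes readable to anything that can call System.getProperties() or dump the JVM's properties, and it stays there after LDAP is reconfigured. A per-connection approach avoids both problems: load the configured store into a TrustManagerFactory/SSLContext and hand its SSLSocketFactory to JNDI through the `java.naming.ldap.factory.socket` environment property (the class name of an SSLSocketFactory subclass exposing a static getDefault()), so no global property is touched. Separately, the new `env.put(Context.SECURITY_AUTHENTICATION, "simple")` makes explicit that `bindPasswd` travels in clear text whenever `useSSL` is false; a one-line comment there, e.g. `// simple bind: credentials are only protected when useSSL is true`, would help operators reading this path.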
@@ -1320,13 +1325,30 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
 }
 cvo.setValue(DBEncryptionUtil.encrypt(bindPasswd));
 _configDao.persist(cvo);
+
+ cvo = _configDao.findByName(LDAPParams.truststore.toString());
+ if (cvo == null) {
+ cvo = new ConfigurationVO("Advanced", "DEFAULT", "management-server", LDAPParams.truststore.toString(), null, "Enter the path to trusted keystore");
+ }
+ cvo.setValue(trustStore);
+ _configDao.persist(cvo);
+
+ cvo = _configDao.findByName(LDAPParams.truststorepass.toString());
+ if (cvo == null) {
+ cvo = new ConfigurationVO("Advanced", "DEFAULT", "management-server", LDAPParams.truststorepass.toString(), null, "Enter the password for trusted keystore");
+ }
+ cvo.setValue(DBEncryptionUtil.encrypt(trustStorePassword));
+ _configDao.persist(cvo);
+
+ s_logger.debug("The ldap server is configured: " + hostname);
 } catch (NamingException ne) {
 ne.printStackTrace();
 throw new InvalidParameterValueException("Naming Exception, check you ldap data ! " + ne.getMessage() + (ne.getCause() != null ? ("Caused by:" + ne.getCause().getMessage()) : ""));
 }
 return true;
 }
-
+
+
 @Override
 @DB
 @ActionEvent(eventType = EventTypes.EVENT_ZONE_EDIT, eventDescription = "editing zone", async = false)
diff --git a/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java b/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
index 5b1d417d93c..47bfd5dee35 100644
--- a/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
+++ b/server/src/com/cloud/server/auth/LDAPUserAuthenticator.java
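Review bot: The two new persist blocks repeat the findByName / new ConfigurationVO / setValue / persist sequence that the preceding lines already use for `bindPasswd`, differing only in the enum key, the value and the description; a small private helper would keep this growing list of LDAP settings easy to audit. Note also that both rows are written even when `useSSL` is false, so `DBEncryptionUtil.encrypt(trustStorePassword)` is reached with a null argument in that case — the `bindPasswd` line just above already relies on `encrypt` tolerating null, so this is presumably fine, but worth confirming. The enclosing method starts outside this hunk. A sketch of the helper and the two call sites:

```java
// … unchanged: earlier LDAP parameters persisted the same way …
persistLdapParam(LDAPParams.truststore, trustStore, "Enter the path to trusted keystore");
persistLdapParam(LDAPParams.truststorepass, DBEncryptionUtil.encrypt(trustStorePassword), "Enter the password for trusted keystore");
s_logger.debug("The ldap server is configured: " + hostname);
// … unchanged: catch (NamingException ne) and the rest of the method …

/** Creates or updates the configuration row that stores one LDAP parameter. */
private void persistLdapParam(LDAPParams param, String value, String description) {
    ConfigurationVO cvo = _configDao.findByName(param.toString());
    if (cvo == null) {
        cvo = new ConfigurationVO("Advanced", "DEFAULT", "management-server", param.toString(), null, description);
    }
    cvo.setValue(value);
    _configDao.persist(cvo);
}
```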
@@ -74,6 +74,8 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
 String useSSL = _configDao.getValue(LDAPParams.usessl.toString());
 String bindDN = _configDao.getValue(LDAPParams.dn.toString());
 String bindPasswd = DBEncryptionUtil.decrypt(_configDao.getValue(LDAPParams.passwd.toString()));
+ String trustStore = _configDao.getValue(LDAPParams.truststore.toString());
+ String trustStorePassword = DBEncryptionUtil.decrypt(_configDao.getValue(LDAPParams.truststorepass.toString()));
 try {
 // get all params
@@ -83,6 +85,8 @@ public class LDAPUserAuthenticator extends DefaultUserAuthenticator {
 if (new Boolean(useSSL)){
 env.put(Context.SECURITY_PROTOCOL, "ssl");
 protocol="ldaps://" ;
+ System.setProperty("javax.net.ssl.trustStore", trustStore);
+ System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
 }
 env.put(Context.PROVIDER_URL, protocol + url + ":" + port);
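Review bot: `trustStore` and `trustStorePassword` are read here with no null handling, and the SSL branch in the following hunk passes them straight to `System.setProperty`, which throws NullPointerException for a null value; an installation whose `usessl` row is already true but that has no `truststore` row yet (any database configured before this change) would therefore fail every LDAP login with an NPE instead of a clear error. `DBEncryptionUtil.decrypt` is likewise applied to a possibly absent `truststorepass` value — the `bindPasswd` line above does the same, so decrypt presumably tolerates null, but that is worth confirming. A guard before the setProperty calls, e.g. `if (trustStore == null || trustStorePassword == null) { /* log "LDAP SSL enabled but no trust store configured" and return the method's failed-authentication result */ }`, turns this into a logged authentication failure. The enclosing method starts and ends outside both hunks.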