diff --git a/elements/ironic-agent/README.rst b/elements/ironic-agent/README.rst
index f1fb4258..a6382a02 100644
--- a/elements/ironic-agent/README.rst
+++ b/elements/ironic-agent/README.rst
@@ -15,6 +15,9 @@ Beyond installing the ironic-python-agent, this element does the following:
 * When installing from source, ``python-dev`` and ``gcc`` are also installed
   in order to support source based installation of ironic-python-agent and its
   dependencies.
+* Install the certificate if any, which is set to the environment variable
+  ``DIB_IPA_CERT`` for validating the authenticity by ironic-python-agent. The
+  certificate can be self-signed certificate or CA certificate.
 
 This element outputs three files:
 
diff --git a/elements/ironic-agent/extra-data.d/15-ssl-ca-copy b/elements/ironic-agent/extra-data.d/15-ssl-ca-copy
new file mode 100755
index 00000000..1a3c1ad6
--- /dev/null
+++ b/elements/ironic-agent/extra-data.d/15-ssl-ca-copy
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+
+set -eu
+set -o pipefail
+
+if [ -n "${DIB_IPA_CERT:=}" ]; then
+    cp $DIB_IPA_CERT $TMP_HOOKS_PATH/server.pem
+fi
diff --git a/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install b/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
index 17ac2831..3c93d70f 100755
--- a/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
+++ b/elements/ironic-agent/install.d/ironic-agent-source-install/60-ironic-agent-install
@@ -36,3 +36,8 @@ case "$DIB_INIT_SYSTEM" in
         exit 1
         ;;
 esac
+
+# Copying the self signed certificate for request library
+if [ -f /tmp/in_target.d/server.pem ]; then
+    cat /tmp/in_target.d/server.pem >> $($IPADIR/venv/bin/python -c "import requests; print requests.certs.where()")
+fi