diff --git a/cmd/arcade/arcade.go b/cmd/arcade/arcade.go
index b4d3a81..f1c452f 100644
--- a/cmd/arcade/arcade.go
+++ b/cmd/arcade/arcade.go
@@ -1,12 +1,15 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"log"
+	"net/http"
 	"os"
 
 	"github.com/gin-gonic/gin"
 	"github.com/homedepot/arcade/pkg/google"
-	"github.com/homedepot/arcade/pkg/http"
+	arcadehttp "github.com/homedepot/arcade/pkg/http"
 	"github.com/homedepot/arcade/pkg/middleware"
 	"github.com/homedepot/arcade/pkg/rancher"
 )
@@ -29,7 +32,7 @@ func init() {
 		r.Use(middleware.SetRancherClient(rancherClient))
 	}
 
-	r.GET("/tokens", http.GetToken)
+	r.GET("/tokens", arcadehttp.GetToken)
 }
 
 func mustGetenv(env string) (s string) {
@@ -41,14 +44,31 @@ func mustGetenv(env string) (s string) {
 }
 
 func mustInstantiateRancherClient() rancher.Client {
-	rancherURL := mustGetenv("RANCHER_URL")
-	rancherUsername := mustGetenv("RANCHER_USERNAME")
-	rancherPassword := mustGetenv("RANCHER_PASSWORD")
+	url := mustGetenv("RANCHER_URL")
+	username := mustGetenv("RANCHER_USERNAME")
+	password := mustGetenv("RANCHER_PASSWORD")
 
 	rancherClient := rancher.NewClient()
-	rancherClient.WithURL(rancherURL)
-	rancherClient.WithUsername(rancherUsername)
-	rancherClient.WithPassword(rancherPassword)
+	rancherClient.WithURL(url)
+	rancherClient.WithUsername(username)
+	rancherClient.WithPassword(password)
+
+	if caCerts := os.Getenv("RANCHER_CACERTS"); caCerts != "" {
+		rootCAs, _ := x509.SystemCertPool()
+		if rootCAs == nil {
+			rootCAs = x509.NewCertPool()
+		}
+
+		rootCAs.AppendCertsFromPEM([]byte(caCerts))
+
+		t := &http.Transport{
+			TLSClientConfig: &tls.Config{
+				RootCAs: rootCAs,
+			},
+		}
+
+		rancherClient.WithTransport(t)
+	}
 
 	return rancherClient
 }