diff --git a/lib/config.go b/lib/config.go
index 3b8d1c2..63ad73a 100644
--- a/lib/config.go
+++ b/lib/config.go
@@ -34,6 +34,7 @@ type Config struct {
 pageSize uint
 maxConcurrentRequests uint
 basicAuth bool
+ allowInsecure bool
 }
 func (u *urlValue) String() string {
@@ -47,6 +48,7 @@ func (c *Config) BindToFlags(flags *flag.FlagSet) {
 flags.UintVar(&c.pageSize, "page-size", c.pageSize, "page size for paginated requests")
 flags.UintVar(&c.maxConcurrentRequests, "max-requests", c.maxConcurrentRequests, "concurrent API request limit")
 flags.BoolVar(&c.basicAuth, "basic-auth", c.basicAuth, "use basic auth instead of token auth")
+ flags.BoolVar(&c.allowInsecure, "allow-insecure", c.allowInsecure, "ignore SSL certificate validation errors")
 c.credentials.BindToFlags(flags)
 }
@@ -59,6 +61,10 @@ func (c *Config) Credentials() auth.RegistryCredentials {
 return &c.credentials
 }
+func (c *Config) AllowInsecure() bool {
+ return c.allowInsecure
+}
+
 func NewConfig() Config {
 return Config{
 registryUrl: DEFAULT_REGISTRY_URL,
diff --git a/lib/connector/basic_auth_connector.go b/lib/connector/basic_auth_connector.go
index 8ef8ed9..f11050c 100644
--- a/lib/connector/basic_auth_connector.go
+++ b/lib/connector/basic_auth_connector.go
@@ -50,7 +50,7 @@ func (r *basicAuthConnector) Request(method string, url *url.URL, hint string) (
 func NewBasicAuthConnector(cfg Config) Connector {
 return &basicAuthConnector{
 cfg: cfg,
- httpClient: http.DefaultClient,
+ httpClient: createHttpClient(cfg),
 semaphore: newSemaphore(cfg.MaxConcurrentRequests()),
 stat: new(statistics),
 }
diff --git a/lib/connector/token_auth_config.go b/lib/connector/config.go
similarity index 89%
rename from lib/connector/token_auth_config.go
rename to lib/connector/config.go
index 1c30a7e..b4b54ed 100644
--- a/lib/connector/token_auth_config.go
+++ b/lib/connector/config.go
@@ -7,4 +7,5 @@ import (
 type Config interface {
 MaxConcurrentRequests() uint
 Credentials() auth.RegistryCredentials
+ AllowInsecure() bool
 }
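Review bot: In the `BindToFlags` hunk of lib/config.go, the usage string for `allow-insecure` ("ignore SSL certificate validation errors") understates the effect: `createHttpClient` sets `InsecureSkipVerify: true`, which turns off chain and hostname verification entirely, and both `NewBasicAuthConnector` and `NewTokenAuthConnector` now use that client, so registry credentials are sent to a peer whose identity is never checked. I would change the last argument to `"disable TLS certificate and hostname verification; credentials can be intercepted, use only with test registries"`. The new `AllowInsecure` accessor in the same file is exported without a doc comment; `// AllowInsecure reports whether TLS certificate verification is disabled for registry connections.` would cover it. `BindToFlags` starts before the hunk, so any other flags it binds are not visible here.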
diff --git a/lib/connector/http_client_factory.go b/lib/connector/http_client_factory.go
new file mode 100644
index 0000000..3680092
--- /dev/null
+++ b/lib/connector/http_client_factory.go
@@ -0,0 +1,21 @@
+package connector
+
+import (
+ "crypto/tls"
+ "net/http"
+)
+
+func createHttpClient(cfg Config) *http.Client {
+ var tlsConfig *tls.Config
+ if cfg.AllowInsecure() {
+ tlsConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
+ }
+
+ return &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: tlsConfig,
+ },
+ }
+}
diff --git a/lib/connector/token_auth_connector.go b/lib/connector/token_auth_connector.go
index 290ccd7..221f8ab 100644
--- a/lib/connector/token_auth_connector.go
+++ b/lib/connector/token_auth_connector.go
@@ -124,7 +124,7 @@ func (r *tokenAuthConnector) GetStatistics() Statistics {
 func NewTokenAuthConnector(cfg Config) Connector {
 connector := tokenAuthConnector{
 cfg: cfg,
- httpClient: http.DefaultClient,
+ httpClient: createHttpClient(cfg),
 semaphore: newSemaphore(cfg.MaxConcurrentRequests()),
 tokenCache: newTokenCache(),
 stat: new(statistics),
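Review bot: `createHttpClient` in lib/connector/http_client_factory.go builds a bare `&http.Transport{}`, so both connectors lose what `http.DefaultTransport` supplied (`ProxyFromEnvironment`, dial and TLS-handshake timeouts, idle-connection limits) even when `AllowInsecure()` is false; before this commit they used `http.DefaultClient`. Cloning the default transport and overriding only `TLSClientConfig` keeps the default path unchanged and confines the behaviour change to the opt-in case; `Transport.Clone` needs Go 1.13 or later, which the page does not confirm. `InsecureSkipVerify` also applies to every host this client reaches, not only the registry, so if the usual reason for the flag is a private CA, an option that loads a CA bundle into `RootCAs` would keep verification on.

```go
func createHttpClient(cfg Config) *http.Client {
	// Start from the default transport so proxy and timeout settings are kept.
	transport := http.DefaultTransport.(*http.Transport).Clone()
	if cfg.AllowInsecure() {
		// Opt-in only: turns off chain and hostname verification for all hosts.
		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
	}
	return &http.Client{Transport: transport}
}
```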