diff --git a/config/env/production.js b/config/env/production.js
index cee8552be5..c819650cb8 100644
--- a/config/env/production.js
+++ b/config/env/production.js
@@ -4,7 +4,8 @@ module.exports = {
 secure: {
 ssl: true,
 privateKey: './config/sslcerts/key.pem',
- certificate: './config/sslcerts/cert.pem'
+ certificate: './config/sslcerts/cert.pem',
+ caBundle: './config/sslcerts/cabundle.crt'
 },
 port: process.env.PORT || 8443,
 // Binding to 127.0.0.1 is safer in production.
diff --git a/config/lib/socket.io.js b/config/lib/socket.io.js
index 3df7359efb..0050f4fb86 100644
--- a/config/lib/socket.io.js
+++ b/config/lib/socket.io.js
@@ -19,9 +19,18 @@ module.exports = function (app, db) {
 // Load SSL key and certificate
 var privateKey = fs.readFileSync(path.resolve(config.secure.privateKey), 'utf8');
 var certificate = fs.readFileSync(path.resolve(config.secure.certificate), 'utf8');
+ var caBundle;
+
+ try {
+ caBundle = fs.readFileSync(path.resolve(config.secure.caBundle), 'utf8');
+ } catch (err) {
+ console.log('Warning: couldn\'t find or read caBundle file');
+ }
+
+ var options = {
 key: privateKey,
 cert: certificate,
+ ca: caBundle,
 // requestCert : true,
 // rejectUnauthorized : true,
 secureProtocol: 'TLSv1_method',
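Review bot: The new `catch (err)` block around the caBundle read in config/lib/socket.io.js discards `err` and handles every failure the same way, so an unset `config.secure.caBundle` (where `path.resolve` throws on a non-string argument), a wrong path and a permissions error all produce the same generic warning and the server starts with `ca: undefined`. The key and certificate reads just above it fail hard, so a bundle that is configured but unreadable should at least log its path and the reason. I would guard the read with `if (config.secure.caBundle) {` and change the message to `console.log('Warning: couldn\'t read caBundle file ' + config.secure.caBundle + ': ' + err.message);`. Node's TLS `ca` option also replaces the default trusted CA list for peer verification, so if the commented-out `requestCert` / `rejectUnauthorized` lines are ever enabled this bundle becomes the trust anchor set for client certificates; a short comment next to `ca: caBundle,` saying so would help. The enclosing function and the `options` object both continue outside the hunk.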