diff --git a/action.yml b/action.yml
index bc23af8..c365c1c 100644
--- a/action.yml
+++ b/action.yml
@@ -26,6 +26,8 @@ inputs:
 verify_ssl:
 description: 'Optional. Set to false to disable verification of SSL certificates.'
 default: true
+ base64_encoded_ca_bundle:
+ description: 'Optional. Set to check with private/untrustworthy SSL certificates.'
 event_name:
 description: 'Optional. Specify a custom event name sent to the webhook endpoint, if not defined it defaults to GITHUB_EVENT_NAME.'
 data:
@@ -37,8 +39,8 @@ outputs:
 runs:
 using: 'docker'
- # image: 'Dockerfile'
- image: 'docker://ghcr.io/distributhor/workflow-webhook-container:v3.0.8'
+ image: 'Dockerfile'
+ # image: 'docker://ghcr.io/distributhor/workflow-webhook-container:v3.0.8'
 branding:
 icon: 'terminal'
diff --git a/entrypoint.sh b/entrypoint.sh
index 109c2c7..59f190c 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -61,6 +61,10 @@ if [ -n "$VERIFY_SSL" ]; then
 verify_ssl=$VERIFY_SSL
 fi
+if [ -n "$BASE64_ENCODED_CA_BUNDLE" ]; then
+ base64_encoded_ca_bundle=$BASE64_ENCODED_CA_BUNDLE
+fi
+
 if [ -n "$TIMEOUT" ]; then
 timeout=$TIMEOUT
 fi
@@ -196,6 +200,11 @@ if [ "$verify_ssl" = false ]; then
 options="$options -k"
 fi
+if [ "$verify_ssl" = true ] && [ -n "$base64_encoded_ca_bundle" ]; then
+ echo $base64_encoded_ca_bundle | base64 -d > /ca_bundle.crt
+ options="$options --cacert /ca_bundle.crt"
+fi
+
 if [ -n "$timeout" ]; then
 options="$options --connect-timeout $timeout"
 fi
@@ -308,6 +317,9 @@ fi
 # response=$(curl $options $auth_header $headers --data "$WEBHOOK_DATA" $WEBHOOK_ENDPOINT)
+# cleanup certificate payload
+rm -rf /ca_bundle.crt
+
 CURL_STATUS=$?
 # echo "response-body=$response" >> $GITHUB_OUTPUT
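Review bot: The description added for `base64_encoded_ca_bundle` in the action.yml `inputs:` hunk does not tell a user what to supply or when it takes effect. Going by the entrypoint.sh hunk in this same diff, the value is base64-decoded and handed to curl's `--cacert`, and only when `verify_ssl` is true. The word "untrustworthy" also reads as if the input relaxes verification, when it actually adds a trust anchor. I would reword it as `description: 'Optional. Base64-encoded PEM CA bundle used to verify the endpoint certificate, e.g. for a private CA. Ignored when verify_ssl is false.'`.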
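Review bot: The `image:` swap in the action.yml `runs:` hunk looks like a local development toggle that may have been committed unintentionally. The published `docker://ghcr.io/distributhor/workflow-webhook-container:v3.0.8` reference is commented out, so the action now builds from `Dockerfile` on every run. Each consumer's image then depends on whatever the Dockerfile (not shown here) resolves at build time, rather than on one released artifact. If the switch is only needed to test the new input, restore the registry image before tagging a release; pinning that image by digest rather than by tag would make the reference immutable.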
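Review bot: In the entrypoint.sh hunk at `@@ -196,6 +200,11 @@`, the added `echo $base64_encoded_ca_bundle | base64 -d > /ca_bundle.crt` expands the variable unquoted and never checks whether decoding succeeded. The unquoted expansion is word-split, so a bundle supplied with wrapped lines reaches `base64 -d` re-joined with spaces. A failed decode leaves an empty or partial file that is still passed to `--cacert`, and it only surfaces later as an opaque TLS error. I would fail early and explicitly: `printf '%s' "$base64_encoded_ca_bundle" | base64 -d > /ca_bundle.crt || { echo "base64_encoded_ca_bundle is not valid base64" >&2; exit 1; }`.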
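Review bot: The added `rm -rf /ca_bundle.crt` in the last entrypoint.sh hunk (`@@ -308,6 +317,9 @@`) sits directly before the context line `CURL_STATUS=$?`, so `$?` now holds the exit status of `rm` instead of the command that ran before it. The curl invocation itself is outside the hunk, but if `CURL_STATUS` is meant to carry curl's result, every failure would now be recorded as 0. That includes a certificate verification failure against the new CA bundle. Capture the status first and clean up afterwards: `CURL_STATUS=$?` followed by `rm -f /ca_bundle.crt`.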