diff --git a/configuration.go b/configuration.go
index 573d8be..7acff32 100644
--- a/configuration.go
+++ b/configuration.go
@@ -17,6 +17,8 @@ type SearchTarget struct {
 	Url          string
 	TunnelUrl	 string	`json:"-"`
 	IndexPattern string
+	Cert         string
+	Key          string
 }
 
 type QueryDefinition struct {
@@ -74,6 +76,8 @@ func (c *Configuration) CopyConfigRelevantSettingsTo(dest *Configuration) {
 	//copy config relevant configuration settings
 	dest.SearchTarget.TunnelUrl = c.SearchTarget.TunnelUrl
 	dest.SearchTarget.Url = c.SearchTarget.Url
+	dest.SearchTarget.Cert = c.SearchTarget.Cert
+	dest.SearchTarget.Key = c.SearchTarget.Key
 	dest.SearchTarget.IndexPattern = c.SearchTarget.IndexPattern
 	dest.QueryDefinition.Format = c.QueryDefinition.Format
 	dest.QueryDefinition.Terms = make([]string, len(c.QueryDefinition.Terms))
@@ -153,6 +157,18 @@ func (config *Configuration) Flags() []cli.Flag {
 			Usage:       "(*) ElasticSearch URL",
 			Destination: &config.SearchTarget.Url,
 		},
+		cli.StringFlag{
+			Name:        "cert",
+			Value:       "",
+			Usage:       "(*) certificate to use when accessing via TLS",
+			Destination: &config.SearchTarget.Cert,
+		},
+		cli.StringFlag{
+			Name:        "key",
+			Value:       "",
+			Usage:       "(*) key to use when accessing via TLS",
+			Destination: &config.SearchTarget.Key,
+		},
 		cli.StringFlag{
 			Name:        "f,format",
 			Value:       "%message",
@@ -248,4 +264,3 @@ func IsConfigRelevantFlagSet(c *cli.Context) bool {
 	}
 	return false
 }
-
diff --git a/elktail.go b/elktail.go
index 69886e5..64809c6 100644
--- a/elktail.go
+++ b/elktail.go
@@ -6,6 +6,7 @@
 package main
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"gopkg.in/olivere/elastic.v2"
@@ -17,6 +18,7 @@ import (
 	"golang.org/x/crypto/ssh/terminal"
 	"github.com/codegangsta/cli"
 	"net/url"
+	"net/http"
 	"errors"
 )
 
@@ -81,6 +83,22 @@ func NewTail(configuration *Configuration) *Tail {
 			elastic.SetBasicAuth(configuration.User, configuration.Password))
 	}
 
+	var cert = configuration.SearchTarget.Cert
+	var key = configuration.SearchTarget.Key
+	if cert != "" && key != "" {
+		cert, err := tls.LoadX509KeyPair(cert, key)
+		if err != nil {
+		    Error.Fatalf("Bad certificate and/or key: %s", err)
+		}
+		tlsConfig := &tls.Config{
+			Certificates: []tls.Certificate{cert},
+		}
+		tlsConfig.BuildNameToCertificate()
+		transport := &http.Transport{TLSClientConfig: tlsConfig}
+		client := &http.Client{Transport: transport}
+		defaultOptions = append(defaultOptions, elastic.SetHttpClient(client))
+	}
+
 	if configuration.TraceRequests {
 		defaultOptions = append(defaultOptions,
 			elastic.SetTraceLog(Trace))