diff --git a/builtin/providers/nomad/provider.go b/builtin/providers/nomad/provider.go
index d23c4ad97..abefb3ce8 100644
--- a/builtin/providers/nomad/provider.go
+++ b/builtin/providers/nomad/provider.go
@@ -24,6 +24,24 @@ func Provider() terraform.ResourceProvider {
  DefaultFunc: schema.EnvDefaultFunc("NOMAD_REGION", ""),
  Description: "Region of the target Nomad agent.",
  },
+ "ca_file": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("NOMAD_CACERT", ""),
+ Description: "A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.",
+ },
+ "cert_file": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_CERT", ""),
+ Description: "A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file.",
+ },
+ "key_file": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("NOMAD_CLIENT_KEY", ""),
+ Description: "A path to a PEM-encoded private key, required if cert_file is specified.",
+ },
  },
 
  ConfigureFunc: providerConfigure,
@@ -38,6 +56,9 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
  config := api.DefaultConfig()
  config.Address = d.Get("address").(string)
  config.Region = d.Get("region").(string)
+ config.TLSConfig.CACert = d.Get("ca_file").(string)
+ config.TLSConfig.ClientCert = d.Get("cert_file").(string)
+ config.TLSConfig.ClientKey = d.Get("key_file").(string)
 
  client, err := api.NewClient(config)
  if err != nil {
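Review bot: The pairing promised by the schema descriptions in the first hunk (`cert_file` "requires use of key_file", `key_file` "required if cert_file is specified") is not enforced in providerConfigure, where the second hunk copies the three values straight into `config.TLSConfig`. If the Nomad API client silently ignores a lone certificate or key (not visible here, so worth confirming), the provider would connect without presenting a client certificate while the operator believes mutual TLS is configured. Consider failing early before `api.NewClient`, for example `if (cert == "") != (key == "") { return nil, fmt.Errorf("cert_file and key_file must be set together") }`, which needs `fmt` imported if the file does not already have it. If the client only applies these settings to https addresses, the `ca_file` description should say so, since setting it alongside an http `address` would otherwise look like verified transport. providerConfigure's body continues past the end of the hunk.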