diff --git a/cli.go b/cli.go
index 7a93567..d1e88c9 100644
--- a/cli.go
+++ b/cli.go
@@ -7,7 +7,10 @@ import (
 )
 type GlobalOptions struct {
- // no options yet
+ TLSCaCert string `long:"tlscacert" value-name:"~/.docker/ca.pem" description:"Trust certs signed only by this CA"`
+ TLSCert string `long:"tlscert" value-name:"~/.docker/cert.pem" description:"Path to TLS certificate file"`
+ TLSKey string `long:"tlskey" value-name:"~/.docker/key.pem" description:"Path to TLS key file"`
+ TLSVerify bool `long:"tlsverify" description:"Use TLS and verify the remote"`
 }
 var globalOptions GlobalOptions
diff --git a/images.go b/images.go
index 2140533..c2bc14b 100644
--- a/images.go
+++ b/images.go
@@ -53,6 +53,9 @@ func (x *ImagesCommand) Execute(args []string) error {
 } else {
 client, err := connect()
+ if err != nil {
+ return err
+ }
 clientImages, err := client.ListImages(docker.ListImagesOptions{All: true})
 if err != nil {
diff --git a/util.go b/util.go
index c1f84a0..2f7571e 100644
--- a/util.go
+++ b/util.go
@@ -1,10 +1,11 @@
 package main
 import (
- "github.com/fsouza/go-dockerclient"
-
+ "errors"
 "os"
 "path"
+
+ "github.com/fsouza/go-dockerclient"
 )
 func connect() (*docker.Client, error) {
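Review bot: In GlobalOptions (cli.go) the help text for --tlscacert, --tlscert and --tlskey does not say that these paths are only consulted when TLS verification is switched on, and the struct has no doc comment stating it either. The `value-name` strings such as `~/.docker/ca.pem` read like defaults, but no default is declared and nothing visible in this diff expands `~`, so a user may assume a CA is already pinned when none is. I would add a doc comment on the struct describing that dependency and make the descriptions explicit, e.g. `description:"Path to TLS certificate file (requires --tlsverify)"`. Minor style: Go keeps initialisms upper-case, so `TLSCACert` rather than `TLSCaCert`.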
@@ -17,13 +18,23 @@ func connect() (*docker.Client, error) {
 var client *docker.Client
 var err error
- if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); len(dockerCertPath) > 0 {
- cert := path.Join(dockerCertPath, "cert.pem")
- key := path.Join(dockerCertPath, "key.pem")
- ca := path.Join(dockerCertPath, "ca.pem")
- client, err = docker.NewTLSClient(endpoint, cert, key, ca)
- if err != nil {
- return nil, err
+ dockerTlsVerifyEnv := os.Getenv("DOCKER_TLS_VERIFY")
+ if dockerTlsVerifyEnv == "1" || globalOptions.TLSVerify {
+ if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); len(dockerCertPath) > 0 {
+ cert := path.Join(dockerCertPath, "cert.pem")
+ key := path.Join(dockerCertPath, "key.pem")
+ ca := path.Join(dockerCertPath, "ca.pem")
+ client, err = docker.NewTLSClient(endpoint, cert, key, ca)
+ if err != nil {
+ return nil, err
+ }
+ } else if len(globalOptions.TLSCert) > 0 && len(globalOptions.TLSKey) > 0 && len(globalOptions.TLSCaCert) > 0 {
+ client, err = docker.NewTLSClient(endpoint, globalOptions.TLSCert, globalOptions.TLSKey, globalOptions.TLSCaCert)
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ return nil, errors.New("TLS Verification requested but certs not specified")
 }
 } else {
 client, err = docker.NewClient(endpoint)
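Review bot: The new outer condition in connect() sends every case that is not explicitly opted in to `docker.NewClient(endpoint)`, so an environment that sets only DOCKER_CERT_PATH (which selected the TLS client before this change) now silently gets a client with no TLS configuration, and so does a command line that passes --tlscert/--tlskey/--tlscacert without --tlsverify. The comparison `dockerTlsVerifyEnv == "1"` is also stricter than the docker CLI, which as far as I know treats any non-empty DOCKER_TLS_VERIFY as enabled, so `DOCKER_TLS_VERIFY=true` would take the non-TLS branch as well. I would use `if os.Getenv("DOCKER_TLS_VERIFY") != "" || globalOptions.TLSVerify {` and return an error when certificate paths are supplied but verification was not requested, instead of ignoring them. Separately, DOCKER_CERT_PATH currently wins over the explicit --tls* flags, whereas flags normally override the environment. connect() begins above this hunk and continues below it, so how endpoint is chosen is not visible here.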