diff --git a/connect/provider.go b/connect/provider.go
index 8451388..bf75780 100644
--- a/connect/provider.go
+++ b/connect/provider.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"gopkg.in/resty.v1"
 
 	kc "github.com/ricardo-ch/go-kafka-connect/v3/lib/connectors"
 )
@@ -30,6 +31,11 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_BASIC_AUTH_PASSWORD", ""),
 			},
+			"tls_root_ca_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_TLS_ROOT_CA_FILE", ""),
+			},
 			"tls_auth_crt": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -74,6 +80,11 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 		c.SetBasicAuth(user, pass)
 	}
 
+	tls_root_ca_file := d.Get("tls_root_ca_file").(string)
+	if tls_root_ca_file != "" {
+		resty.SetRootCertificate(tls_root_ca_file)
+	}
+
 	crt := d.Get("tls_auth_crt").(string)
 	key := d.Get("tls_auth_key").(string)
 	is_insecure := d.Get("tls_auth_is_insecure").(bool)
@@ -91,6 +102,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 			c.SetClientCertificates(cert)
 		}
 	}
+
 	headers := d.Get("headers").(map[string]interface{})
 	if headers != nil {
 		for k, v := range headers {
diff --git a/go.mod b/go.mod
index 9a4593c..5340143 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 	bou.ke/monkey v1.0.2 // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1
 	github.com/ricardo-ch/go-kafka-connect/v3 v3.0.0-20220613085032-a69a6c33b847
+	gopkg.in/resty.v1 v1.11.0
 )
 
 replace git.apache.org/thrift.git => github.com/apache/thrift v0.0.0-20180902110319-2566ecd5d999