diff --git a/collector/client.go b/collector/client.go
index 4dd6da2..a64a099 100644
--- a/collector/client.go
+++ b/collector/client.go
@@ -2,6 +2,7 @@ package collector
 import (
 "bufio"
+ "crypto/tls"
 "encoding/base64"
 "errors"
 "fmt"
@@ -27,8 +28,11 @@ type connectionHandler interface {
 }
 type connectionHandlerImpl struct {
- hostname string
- port int
+ hostname string
+ port int
+ certificate string
+ key string
+ insecure bool
 }
 /*SquidClient provides functionality to fetch squid metrics */
@@ -51,11 +55,14 @@ func buildBasicAuthString(login string, password string) string {
 }
 type CacheObjectRequest struct {
- Hostname string
- Port int
- Login string
- Password string
- Headers []string
+ Hostname string
+ Port int
+ Login string
+ Password string
+ Headers []string
+ Certificate string
+ Key string
+ Insecure bool
 }
 /*NewCacheObjectClient initializes a new cache client */
@@ -64,6 +71,9 @@ func NewCacheObjectClient(cor *CacheObjectRequest) *CacheObjectClient {
 &connectionHandlerImpl{
 cor.Hostname,
 cor.Port,
+ cor.Certificate,
+ cor.Key,
+ cor.Insecure,
 },
 buildBasicAuthString(cor.Login, cor.Password),
 cor.Headers,
@@ -72,12 +82,10 @@ func NewCacheObjectClient(cor *CacheObjectRequest) *CacheObjectClient {
 func (c *CacheObjectClient) readFromSquid(endpoint string) (*bufio.Reader, error) {
 conn, err := c.ch.connect()
-
 if err != nil {
 return nil, err
 }
 r, err := get(conn, endpoint, c.basicAuthString, c.headers)
-
 if err != nil {
 return nil, err
 }
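Review bot: The `connectionHandlerImpl` literal in `NewCacheObjectClient` (collector/client.go) is still positional, and this change adds two adjacent `string` fields to it (`cor.Certificate`, `cor.Key`), so swapping them compiles and only fails when the key pair is loaded. Keyed fields remove that risk: `hostname: cor.Hostname, port: cor.Port, certificate: cor.Certificate, key: cor.Key, insecure: cor.Insecure`. The same applies to the positional literal extended in `New` in collector/metrics.go. The fields are also spelled `Certificate`/`Key` in `CacheObjectRequest` but `TLSCertificate`/`TLSKey` in `CollectorConfig` and `Config`; one spelling would be easier to follow. `NewCacheObjectClient` starts and ends outside the hunk.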
@@ -207,7 +215,19 @@ func (c *CacheObjectClient) GetInfos() (types.Counters, error) {
 }
 func (ch *connectionHandlerImpl) connect() (net.Conn, error) {
- return net.Dial("tcp", fmt.Sprintf("%s:%d", ch.hostname, ch.port))
+ if ch.certificate != "" && ch.key != "" {
+ cert, err := tls.LoadX509KeyPair(ch.certificate, ch.key)
+ if err != nil {
+ return nil, err
+ }
+ tlsconfig := tls.Config{Certificates: []tls.Certificate{cert}}
+ return tls.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)), &tlsconfig)
+ } else if ch.insecure {
+ tlsconfig := tls.Config{InsecureSkipVerify: ch.insecure}
+ return tls.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)), &tlsconfig)
+ }
+
+ return net.Dial("tcp", net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port)))
 }
 func get(conn net.Conn, path string, basicAuthString string, headers []string) (*http.Response, error) {
@@ -347,7 +367,6 @@ func decodeInfoStrings(line string) (types.Counter, error) {
 } else {
 value = slices[0]
 }
-
 }
 value = strings.Replace(value, "%", "", -1)
diff --git a/collector/metrics.go b/collector/metrics.go
index 21aa66f..1943008 100644
--- a/collector/metrics.go
+++ b/collector/metrics.go
@@ -34,12 +34,15 @@ type Exporter struct {
 }
 type CollectorConfig struct {
- Hostname string
- Port int
- Login string
- Password string
- Labels config.Labels
- Headers []string
+ Hostname string
+ Port int
+ Login string
+ Password string
+ Labels config.Labels
+ Headers []string
+ TLSCertificate string
+ TLSKey string
+ Insecure bool
 }
 /*New initializes a new exporter */
@@ -58,6 +61,9 @@ func New(c *CollectorConfig) *Exporter {
 c.Login,
 c.Password,
 c.Headers,
+ c.TLSCertificate,
+ c.TLSKey,
+ c.Insecure,
 }),
 c.Hostname,
diff --git a/config/config.go b/config/config.go
index ba17a3d..4770b8f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -18,6 +18,7 @@ const (
 defaultSquidPort = 3128
 defaultExtractServiceTimes = true
 defaultUseProxyHeader = false
+ defaultInsecure = false
 )
 const (
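Review bot: In `connect()` in collector/client.go, a verified TLS connection without a client certificate is not reachable: with no certificate and key the code either dials TLS with `InsecureSkipVerify` set or falls through to plain `net.Dial`. When only one of `certificate`/`key` is set the first condition is false and the connection silently drops to unverified TLS or cleartext, and when both are set `insecure` is ignored. `readFromSquid` passes `c.basicAuthString` to `get` on this connection, so in those cases the Basic credential is sent to a peer that has not been authenticated. I would reject a half-configured key pair and build one `tls.Config` that carries both settings; TLS with default verification and no client certificate needs its own option, which this page does not define, so it is only marked with a comment below.

```go
func (ch *connectionHandlerImpl) connect() (net.Conn, error) {
	addr := net.JoinHostPort(ch.hostname, strconv.Itoa(ch.port))
	if (ch.certificate == "") != (ch.key == "") {
		return nil, errors.New("squid TLS certificate and key must be set together")
	}
	if ch.certificate == "" && !ch.insecure {
		// Cleartext, as before. An option that enables TLS with default
		// verification and no client certificate would be handled here.
		return net.Dial("tcp", addr)
	}
	// InsecureSkipVerify turns off server authentication; it stays opt-in.
	tlsconfig := &tls.Config{InsecureSkipVerify: ch.insecure}
	if ch.certificate != "" {
		cert, err := tls.LoadX509KeyPair(ch.certificate, ch.key)
		if err != nil {
			return nil, fmt.Errorf("loading client key pair: %w", err)
		}
		tlsconfig.Certificates = []tls.Certificate{cert}
	}
	return tls.Dial("tcp", addr, tlsconfig)
}
```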
@@ -31,6 +32,9 @@ const (
 squidPidfile = "SQUID_PIDFILE"
 squidExtractServiceTimes = "SQUID_EXTRACTSERVICETIMES"
 squidUseProxyHeader = "SQUID_USE_PROXY_HEADER"
+ squidInsecure = "SQUID_INSECURE"
+ squidTLSCertificate = "SQUID_TLS_CERTIFICATE"
+ squidTLSKey = "SQUID_TLS_KEY"
 )
 var (
@@ -57,6 +61,10 @@ type Config struct {
 Pidfile string
 UseProxyHeader bool
+
+ TLSCertificate string
+ TLSKey string
+ Insecure bool
 }
 /*NewConfig creates a new config object from command line args */
@@ -88,6 +96,12 @@ func NewConfig() *Config {
 flag.BoolVar(&c.UseProxyHeader, "squid-use-proxy-header", loadEnvBoolVar(squidUseProxyHeader, defaultUseProxyHeader), "Use proxy headers when fetching metrics")
+ flag.BoolVar(&c.Insecure, "squid-insecure",
+ loadEnvBoolVar(squidInsecure, defaultInsecure), "Ignore certificate")
+
+ flag.StringVar(&c.TLSCertificate, "squid-tls-certificate", loadEnvStringVar(squidTLSCertificate, ""), "Certificate used by squid")
+ flag.StringVar(&c.TLSKey, "squid-tls-key", loadEnvStringVar(squidTLSKey, ""), "Key used by squid")
+
 VersionFlag = flag.Bool("version", false, "Print the version and exit")
 flag.Parse()
diff --git a/main.go b/main.go
index d284dda..987f9ed 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "fmt"
 "log"
+ "net"
 "net/http"
 "os"
 "strconv"
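Review bot: The help strings for the three new flags in `NewConfig` (config/config.go) do not say what the options do. As `connect()` uses them, `-squid-tls-certificate` and `-squid-tls-key` are file paths handed to `tls.LoadX509KeyPair`, i.e. the client key pair the exporter presents, and `-squid-insecure` both switches the connection to TLS and disables verification of the server certificate. Suggested wording: `"Path to the PEM client certificate presented to squid"`, `"Path to the PEM private key for the client certificate"` and `"Connect with TLS but skip server certificate verification (unsafe outside testing)"`. The body of `NewConfig` continues outside the hunk.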
@@ -37,14 +38,17 @@ func main() {
 headers = append(headers, createProxyHeader(cfg))
 }
- log.Println("Scraping metrics from", fmt.Sprintf("%s:%d", cfg.SquidHostname, cfg.SquidPort))
+ log.Println("Scraping metrics from", net.JoinHostPort(cfg.SquidHostname, strconv.Itoa(cfg.SquidPort)))
 e := collector.New(&collector.CollectorConfig{
- Hostname: cfg.SquidHostname,
- Port: cfg.SquidPort,
- Login: cfg.Login,
- Password: cfg.Password,
- Labels: cfg.Labels,
- Headers: headers,
+ Hostname: cfg.SquidHostname,
+ Port: cfg.SquidPort,
+ Login: cfg.Login,
+ Password: cfg.Password,
+ Labels: cfg.Labels,
+ Headers: headers,
+ TLSCertificate: cfg.TLSCertificate,
+ TLSKey: cfg.TLSKey,
+ Insecure: cfg.Insecure,
 })
 prometheus.MustRegister(e)
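Review bot: Nothing in `main` records that certificate verification was turned off; `cfg.Insecure` is handed to the collector silently, next to a log line that prints only the target address. A startup line such as `if cfg.Insecure { log.Println("WARNING: squid TLS certificate verification is disabled") }` makes the setting visible in the logs and easy to alert on. `main` starts and ends outside the hunk.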