diff --git a/docs/index.asciidoc b/docs/index.asciidoc
index 222d472..a04d9e1 100644
--- a/docs/index.asciidoc
+++ b/docs/index.asciidoc
@@ -39,6 +39,11 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-vhost>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-cacert>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-client_cert>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-client_key>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-ssl_certificate_validation>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-protocol>> |<<string,string>>|No
 |=======================================================================
 
 Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
@@ -47,7 +52,7 @@ output plugins.
 &nbsp;
 
 [id="plugins-{type}s-{plugin}-debug"]
-===== `debug` 
+===== `debug`
 
   * Value type is <<boolean,boolean>>
   * Default value is `false`
@@ -55,7 +60,7 @@ output plugins.
 Enable debugging output?
 
 [id="plugins-{type}s-{plugin}-destination"]
-===== `destination` 
+===== `destination`
 
   * This is a required setting.
   * Value type is <<string,string>>
@@ -67,7 +72,7 @@ The destination to read events from. Supports string expansion, meaning
 Example: "/topic/logstash"
 
 [id="plugins-{type}s-{plugin}-headers"]
-===== `headers` 
+===== `headers`
 
   * Value type is <<hash,hash>>
   * There is no default value for this setting.
@@ -78,7 +83,7 @@ Custom headers to send with each message. Supports string expansion, meaning
 Example: headers => ["amq-msg-type", "text", "host", "%{host}"]
 
 [id="plugins-{type}s-{plugin}-host"]
-===== `host` 
+===== `host`
 
   * This is a required setting.
   * Value type is <<string,string>>
@@ -87,7 +92,7 @@ Example: headers => ["amq-msg-type", "text", "host", "%{host}"]
 The address of the STOMP server.
 
 [id="plugins-{type}s-{plugin}-password"]
-===== `password` 
+===== `password`
 
   * Value type is <<password,password>>
   * Default value is `""`
@@ -95,7 +100,7 @@ The address of the STOMP server.
 The password to authenticate with.
 
 [id="plugins-{type}s-{plugin}-port"]
-===== `port` 
+===== `port`
 
   * Value type is <<number,number>>
   * Default value is `61613`
@@ -103,7 +108,7 @@ The password to authenticate with.
 The port to connect to on your STOMP server.
 
 [id="plugins-{type}s-{plugin}-user"]
-===== `user` 
+===== `user`
 
   * Value type is <<string,string>>
   * Default value is `""`
@@ -111,16 +116,54 @@ The port to connect to on your STOMP server.
 The username to authenticate with.
 
 [id="plugins-{type}s-{plugin}-vhost"]
-===== `vhost` 
+===== `vhost`
 
   * Value type is <<string,string>>
   * Default value is `nil`
 
-The vhost to use
+The vhost to use.
 
+[id="plugins-{type}s-{plugin}-cacert"]
+===== `cacert`
 
+  * Value type is <<string,string>>
+  * Default value is `nil`
+
+The cacert to validate client certificates.
+
+[id="plugins-{type}s-{plugin}-client_cert"]
+===== `client_cert`
+
+    * Value type is <<string,string>>
+    * Default value is `nil`
+
+The certificate of the client.
+
+[id="plugins-{type}s-{plugin}-client_key"]
+===== `client_key`
+
+    * Value type is <<string,string>>
+    * Default value is `nil`
+
+The key of the client certificate.
+
+[id="plugins-{type}s-{plugin}-ssl_certificate_validation"]
+===== `ssl_certificate_validation`
+
+    * Value type is <<boolean,boolean>>
+    * Default value is `true`
+
+Validate certificate of destination host (true or false).
+
+[id="plugins-{type}s-{plugin}-protocol"]
+===== `protocol`
+
+    * Value type is <<string,string>>
+    * Default value is `stomp`
+
+Protocol to use for connecting to destination host (stomp or stomp+ssl)
 
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]
 
-:default_codec!:
\ No newline at end of file
+:default_codec!:
diff --git a/lib/logstash/outputs/stomp.rb b/lib/logstash/outputs/stomp.rb
index 627f8c0..7a98576 100644
--- a/lib/logstash/outputs/stomp.rb
+++ b/lib/logstash/outputs/stomp.rb
@@ -36,6 +36,21 @@ class LogStash::Outputs::Stomp < LogStash::Outputs::Base
   # Enable debugging output?
   config :debug, :validate => :boolean, :default => false
 
+  # Specify a custom X.509 CA (.pem certs), if needed
+  config :cacert, :validate => :path
+
+  # Specify a client certificate , if needed
+  config :client_cert, :validate => :path
+
+  # Specify a client certificate encryption key, if needed
+  config :client_key, :validate => :path
+
+  # Validate TLS/SSL certificate?
+  config :ssl_certificate_validation, :validate => :boolean, :default => true
+
+  # The connection type of your STOMP server.
+  config :protocol, :validate => :string, :default => "stomp"
+
   private
   def connect
     begin
@@ -53,14 +68,23 @@ def connect
   public
   def register
     require "onstomp"
-    @client = OnStomp::Client.new("stomp://#{@host}:#{@port}", :login => @user, :passcode => @password.value)
+    @ssl_opts = {}
+    @ssl_opts[:ca_file] = @cacert if @cacert
+    @ssl_opts[:cert] = @client_cert if @client_cert
+    @ssl_opts[:key] = @client_key if @client_key
+    # disable verification if false
+    if !@ssl_certificate_validation
+      @ssl_opts[:verify_mode] = OpenSSL::SSL::VERIFY_NONE
+      @ssl_opts[:post_connection_check] = false
+    end
+    @client = OnStomp::Client.new("#{@protocol}://#{@host}:#{@port}", :login => @user, :passcode => @password.value, :ssl => @ssl_opts)
     @client.host = @vhost if @vhost
 
     # Handle disconnects
     @client.on_connection_closed {
       connect
     }
-    
+
     connect
   end # def register