diff --git a/changelogs/unreleased/2368-mansam b/changelogs/unreleased/2368-mansam
new file mode 100644
index 000000000..c7a351d77
--- /dev/null
+++ b/changelogs/unreleased/2368-mansam
@@ -0,0 +1 @@
+Added a --cacert flag to the install command to provide the CA bundle to use when verifying TLS connections to object storage
diff --git a/pkg/cmd/cli/install/install.go b/pkg/cmd/cli/install/install.go
index ceaa638e8..db5002cc0 100644
--- a/pkg/cmd/cli/install/install.go
+++ b/pkg/cmd/cli/install/install.go
@@ -68,6 +68,7 @@ type InstallOptions struct {
 Plugins flag.StringArray
 NoDefaultBackupLocation bool
 CRDsOnly bool
+ CACertFile string
 }
 
 // BindFlags adds command line values to the options struct.
@@ -99,6 +100,7 @@ func (o *InstallOptions) BindFlags(flags *pflag.FlagSet) {
 flags.DurationVar(&o.DefaultResticMaintenanceFrequency, "default-restic-prune-frequency", o.DefaultResticMaintenanceFrequency, "how often 'restic prune' is run for restic repositories by default. Optional.")
 flags.Var(&o.Plugins, "plugins", "Plugin container images to install into the Velero Deployment")
 flags.BoolVar(&o.CRDsOnly, "crds-only", o.CRDsOnly, "only generate CustomResourceDefinition resources. Useful for updating CRDs for an existing Velero install.")
+ flags.StringVar(&o.CACertFile, "cacert", o.CACertFile, "file containing a certificate bundle to use when verifying TLS connections to the object store. Optional.")
 }
 
 // NewInstallOptions instantiates a new, default InstallOptions struct.
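Review bot: The help text on the new `flags.StringVar(&o.CACertFile, "cacert", ...)` line does not say what format the file must be in, nor that it is read once on the operator's machine and its contents are copied into the cluster as part of the default BackupStorageLocation rather than being referenced by path; the latter is what a user needs to know before pointing the flag at a bundle. Suggest `"file containing a PEM-encoded certificate bundle to use when verifying TLS connections to the object store; the file is read at install time and its contents are embedded in the default BackupStorageLocation. Optional."`. The embedding is visible from the AsVeleroOptions and BackupStorageLocation hunks below; the PEM requirement is inferred from how CA bundles are normally consumed, so confirm it against whatever parses the CACert field on the server side, which is outside this diff. BindFlags's body starts before this hunk.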
@@ -138,6 +140,17 @@ func (o *InstallOptions) AsVeleroOptions() (*install.VeleroOptions, error) {
 return nil, err
 }
 }
+ var caCertData []byte
+ if o.CACertFile != "" {
+ realPath, err := filepath.Abs(o.CACertFile)
+ if err != nil {
+ return nil, err
+ }
+ caCertData, err = ioutil.ReadFile(realPath)
+ if err != nil {
+ return nil, err
+ }
+ }
 veleroPodResources, err := kubeutil.ParseResourceRequirements(o.VeleroPodCPURequest, o.VeleroPodMemRequest, o.VeleroPodCPULimit, o.VeleroPodMemLimit)
 if err != nil {
 return nil, err
@@ -166,6 +179,7 @@ func (o *InstallOptions) AsVeleroOptions() (*install.VeleroOptions, error) {
 DefaultResticMaintenanceFrequency: o.DefaultResticMaintenanceFrequency,
 Plugins: o.Plugins,
 NoDefaultBackupLocation: o.NoDefaultBackupLocation,
+ CACertData: caCertData,
 }, nil
 }
 
diff --git a/pkg/install/resources.go b/pkg/install/resources.go
index d6cec3163..8c072737f 100644
--- a/pkg/install/resources.go
+++ b/pkg/install/resources.go
@@ -137,7 +137,7 @@ func Namespace(namespace string) *corev1.Namespace {
 }
 }
 
-func BackupStorageLocation(namespace, provider, bucket, prefix string, config map[string]string) *v1.BackupStorageLocation {
+func BackupStorageLocation(namespace, provider, bucket, prefix string, config map[string]string, caCert []byte) *v1.BackupStorageLocation {
 return &v1.BackupStorageLocation{
 ObjectMeta: objectMeta(namespace, "default"),
 TypeMeta: metav1.TypeMeta{
@@ -150,6 +150,7 @@ func BackupStorageLocation(namespace, provider, bucket, prefix string, config ma
 ObjectStorage: &v1.ObjectStorageLocation{
 Bucket: bucket,
 Prefix: prefix,
+ CACert: caCert,
 },
 },
 Config: config,
@@ -217,6 +218,7 @@ type VeleroOptions struct {
 DefaultResticMaintenanceFrequency time.Duration
 Plugins []string
 NoDefaultBackupLocation bool
+ CACertData []byte
 }
 
 func AllCRDs() *unstructured.UnstructuredList {
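Review bot: The bytes read in the new `if o.CACertFile != "" {` block are handed to the BackupStorageLocation verbatim with no check that they hold a certificate, so a wrong argument (a private key, an empty file, a DER-encoded cert) is accepted at install time and only surfaces later as a TLS failure inside the Velero pod, far from the operator who can fix it; the two `return nil, err` lines also drop the path, so the eventual message says only what the OS said. Parse the data with `x509.NewCertPool().AppendCertsFromPEM` and refuse the install when nothing decodes, and wrap both errors with the file name. The `filepath.Abs` call is not needed for correctness — `ioutil.ReadFile` resolves a relative path against the same working directory and `Abs` can only fail when `os.Getwd` does — though if it mirrors an existing secret-file pattern earlier in this function (outside the hunk) keeping it for symmetry is fine. The rewrite below needs `crypto/x509` added to the import block, which is outside the hunk, and uses a local `data` so that `:=` inside the block does not shadow the outer `caCertData`; it assumes the `github.com/pkg/errors` helpers used elsewhere in Velero, so substitute `fmt.Errorf` if this file does not import them. AsVeleroOptions starts and ends outside this hunk.
```go
	var caCertData []byte
	if o.CACertFile != "" {
		data, err := ioutil.ReadFile(o.CACertFile)
		if err != nil {
			return nil, errors.Wrapf(err, "reading CA certificate bundle %s", o.CACertFile)
		}
		// Fail here rather than at the first object-store connection in the
		// pod: AppendCertsFromPEM returns false when nothing PEM-decoded.
		if !x509.NewCertPool().AppendCertsFromPEM(data) {
			return nil, errors.Errorf("no PEM-encoded certificates found in %s", o.CACertFile)
		}
		caCertData = data
	}
	// … unchanged: pod resource-requirement parsing …
```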
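Review bot: The new `caCert []byte` parameter on the exported `BackupStorageLocation` signature is undocumented, and the function carries no doc comment at all even though it is a godoc target; the parameter's meaning is only recoverable from the changelog. Suggest adding above the new `func BackupStorageLocation(...)` line: `// BackupStorageLocation returns the "default" BackupStorageLocation in namespace for the given provider, bucket and prefix. caCert, when non-nil, is stored unmodified in Spec.ObjectStorage.CACert as the CA bundle used to verify TLS connections to the object store.` It is worth saying "unmodified" because the slice is stored by reference rather than copied, so a caller that reuses the buffer mutates the resource — harmless for the install command's one-shot use, but a surprise for any other caller. The rest of the function body sits outside the hunk.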
@@ -252,7 +254,7 @@ func AllResources(o *VeleroOptions) (*unstructured.UnstructuredList, error) {
 }
 
 if !o.NoDefaultBackupLocation {
- bsl := BackupStorageLocation(o.Namespace, o.ProviderName, o.Bucket, o.Prefix, o.BSLConfig)
+ bsl := BackupStorageLocation(o.Namespace, o.ProviderName, o.Bucket, o.Prefix, o.BSLConfig, o.CACertData)
 appendUnstructured(resources, bsl)
 }
 
diff --git a/pkg/install/resources_test.go b/pkg/install/resources_test.go
index 5aa240e81..e2c296493 100644
--- a/pkg/install/resources_test.go
+++ b/pkg/install/resources_test.go
@@ -23,12 +23,13 @@ import (
 )
 
 func TestResources(t *testing.T) {
- bsl := BackupStorageLocation("velero", "test", "test", "", make(map[string]string))
+ bsl := BackupStorageLocation("velero", "test", "test", "", make(map[string]string), []byte("test"))
 assert.Equal(t, "velero", bsl.ObjectMeta.Namespace)
 assert.Equal(t, "test", bsl.Spec.Provider)
 assert.Equal(t, "test", bsl.Spec.StorageType.ObjectStorage.Bucket)
 assert.Equal(t, make(map[string]string), bsl.Spec.Config)
+ assert.Equal(t, []byte("test"), bsl.Spec.ObjectStorage.CACert)
 vsl := VolumeSnapshotLocation("velero", "test", make(map[string]string))