diff --git a/parsedmarc/cli.py b/parsedmarc/cli.py
index cba69e8..09316b9 100644
--- a/parsedmarc/cli.py
+++ b/parsedmarc/cli.py
@@ -141,6 +141,11 @@ def _main():
                             help="append this suffix to the "
                                  "dmarc_aggregate and dmarc_forensic "
                                  "Elasticsearch index names, joined by _")
+    arg_parser.add_argument("--elasticsearch-use-ssl", default=False, action="store_true",
+                            help="enable ssl connection to elasticsearch server")
+    arg_parser.add_argument("--elasticsearch-ssl-cert-path", default=None,
+                            help="if enabled ssl connection to elasticsearch"
+                            "this is the path to the cert which validates the server")
     arg_parser.add_argument("--hec", help="the URL to a Splunk HTTP Event "
                                           "Collector (HEC)")
     arg_parser.add_argument("--hec-token", help="the authorization token for "
@@ -244,7 +249,8 @@ def _main():
                         es_aggregate_index, suffix)
                     es_forensic_index = "{0}_{1}".format(
                         es_forensic_index, suffix)
-                elastic.set_hosts(args.elasticsearch_host)
+                elastic.set_hosts(args.elasticsearch_host, args.elasticsearch_use_ssl,
+                                  args.elasticsearch_ssl_cert_path)
                 elastic.migrate_indexes(aggregate_indexes=[es_aggregate_index],
                                         forensic_indexes=[es_forensic_index])
         except elastic.ElasticsearchError as error:
diff --git a/parsedmarc/elastic.py b/parsedmarc/elastic.py
index 1aa30ed..8ce4db9 100644
--- a/parsedmarc/elastic.py
+++ b/parsedmarc/elastic.py
@@ -167,16 +167,29 @@ class AlreadySaved(ValueError):
     """Raised when a report to be saved matches an existing report"""
 
 
-def set_hosts(hosts):
+def set_hosts(hosts, use_ssl=False, ssl_cert_path=None):
     """
     Sets the Elasticsearch hosts to use
 
     Args:
         hosts: A single hostname or URL, or list of hostnames or URLs
+        [use_ssl]: boolean, if True enables HTTPS connection to the server
+        [ssl_cert_path]: string, path to the certificate chain to validate the connection
     """
     if type(hosts) != list:
         hosts = [hosts]
-    connections.create_connection(hosts=hosts, timeout=20)
+    conn_params = {
+        "hosts": hosts,
+        "timeout": 20
+    }
+    if use_ssl:
+        conn_params['use_ssl'] = True
+        if ssl_cert_path:
+            conn_params['verify_certs'] = True
+            conn_params['ca_certs'] = ssl_cert_path
+        else:
+            conn_params['verify_certs'] = False
+    connections.create_connection(**conn_params)
 
 
 def create_indexes(names, settings=None):