diff --git a/README.md b/README.md
index 9c33475..f00144a 100755
--- a/README.md
+++ b/README.md
@@ -133,6 +133,7 @@ const ClamScan = new NodeClam().init({
 active: true, // If true, this module will consider using the clamdscan binary
 bypassTest: false, // Check to see if socket is available when applicable
 tls: false, // Use plaintext TCP to connect to clamd
+ rejectUnauthorized: true // Validate TLS certificate (if TLS option enabled)
 },
 preference: 'clamdscan' // If clamdscan is found and active, it will be used by default
 });
@@ -167,7 +168,8 @@ const ClamScan = new NodeClam().init({
 reloadDb: true, // You want your scans to run slow like with clamscan
 active: false, // you don't want to use this at all because it's evil
 bypassTest: true, // Don't check to see if socket is available. You should probably never set this to true.
- tls: true, // Connect to clamd over TLS
+ tls: true, // Connect to clamd over TLS,
+ rejectUnauthorized: false // Don't validate TLS certificate. Useful when using self-signed certificates.
 },
 preference: 'clamscan' // If clamscan is found and active, it will be used by default
 });
diff --git a/index.js b/index.js
index d5afd4b..4c805d7 100755
--- a/index.js
+++ b/index.js
@@ -110,6 +110,7 @@ class NodeClam {
 * @param {boolean} [options.clamdscan.active=true] - If true, this module will consider using the `clamdscan` binary
 * @param {boolean} [options.clamdscan.bypassTest=false] - If true, check to see if socket is avaliable
 * @param {boolean} [options.clamdscan.tls=false] - If true, connect to a TLS-Termination proxy in front of ClamAV
+ * @param {boolean} [options.clamdscan.rejectUnauthorized=true] - If true, validates the server's TLS certificate
 * @param {object} [options.preference='clamdscan'] - If preferred binary is found and active, it will be used by default
 * @param {Function} [cb = null] - Callback method. Prototype: `(err, )`
 * @returns {Promise} An initated instance of NodeClam
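Review bot: The new `@param` line for `options.clamdscan.rejectUnauthorized` in the JSDoc of `init` says what `true` does but not what `false` gives up. With validation off the clamd endpoint is no longer authenticated, so the files sent for scanning and the verdicts returned can be read or altered by anyone on the network path. I would extend the description to something like `If true, validates the server's TLS certificate; if false the clamd endpoint is not authenticated and the scan traffic can be intercepted`. For self-signed deployments, trusting the issuing certificate (for example through Node's `NODE_EXTRA_CA_CERTS`) keeps validation on and is worth mentioning next to this option.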
@@ -542,6 +543,7 @@ class NodeClam {
 client = tls.connect({
 host: this.settings.clamdscan.host,
 port: this.settings.clamdscan.port,
+ rejectUnauthorized: this.settings.clamdscan.rejectUnauthorized,
 // Activate SNI
 // servername: this.settings.clamdscan.host,
 timeout,
@@ -556,7 +558,11 @@ class NodeClam {
 }
 // Host can be ignored since the default is `localhost`
 else if (this.settings.tls) {
- client = tls.connect({ port: this.settings.clamdscan.port, timeout });
+ client = tls.connect({
+ port: this.settings.clamdscan.port,
+ rejectUnauthorized: this.settings.clamdscan.rejectUnauthorized,
+ timeout
+ });
 } else {
 client = net.createConnection({ port: this.settings.clamdscan.port, timeout });
 }
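Review bot: The raw setting is handed to `tls.connect` as `rejectUnauthorized`, and no hunk in this diff adds `rejectUnauthorized: true` to the default settings, so a caller who omits the option may end up passing `undefined` despite the documented default of `true`. How an explicit `undefined` is treated depends on the Node.js version, and some older releases took it as "do not reject", which would silently turn certificate validation off. Normalising at the call site makes only an explicit `false` disable validation: `rejectUnauthorized: this.settings.clamdscan.rejectUnauthorized !== false,`. The same applies to the `tls.connect` call added in the `@@ -556,7 +558,11 @@` hunk. The options object here continues past the end of the hunk.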
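Review bot: The branch that receives the new `rejectUnauthorized` option is guarded by `else if (this.settings.tls)`, while the option documented in this same commit is `options.clamdscan.tls`. If nothing sets a top-level `settings.tls` (not visible from here), this branch is never taken, and a host-less connection falls through to the plaintext `net.createConnection` even when the caller asked for TLS. The condition should probably read `else if (this.settings.clamdscan.tls) {`. The enclosing `if` chain starts outside the hunk, so the condition used by the first branch should be checked for the same mismatch.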