diff --git a/pkg/command/server.go b/pkg/command/server.go
index c9d11a12a..def13364b 100644
--- a/pkg/command/server.go
+++ b/pkg/command/server.go
@@ -144,6 +144,8 @@ func Server(cfg *config.Config) *cli.Command {
 LDAPS: glauthcfg.LDAPS{
 Enabled: cfg.Ldaps.Enabled,
 Listen: cfg.Ldaps.Address,
+ Cert: cfg.Ldaps.Cert,
+ Key: cfg.Ldaps.Key,
 },
 Backend: glauthcfg.Backend{
 Datastore: cfg.Backend.Datastore,
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 666a77330..bf99a62a5 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -37,6 +37,13 @@ type Ldap struct {
 Enabled bool
 }
 
+// Ldaps defined the available LDAPS configuration.
+type Ldaps struct {
+ Ldap
+ Cert string
+ Key string
+}
+
 // Backend defined the available backend configuration.
 type Backend struct {
 Datastore string
@@ -57,7 +64,7 @@ type Config struct {
 HTTP HTTP
 Tracing Tracing
 Ldap Ldap
- Ldaps Ldap
+ Ldaps Ldaps
 Backend Backend
 }
 
diff --git a/pkg/flagset/flagset.go b/pkg/flagset/flagset.go
index 1dda6d8e7..d5f8133b7 100644
--- a/pkg/flagset/flagset.go
+++ b/pkg/flagset/flagset.go
@@ -145,6 +145,20 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 EnvVars: []string{"GLAUTH_LDAPS_ENABLED"},
 Destination: &cfg.Ldaps.Enabled,
 },
+ &cli.StringFlag{
+ Name: "ldaps-cert",
+ Value: "certs/server.crt",
+ Usage: "path to ldaps certificate in PEM format",
+ EnvVars: []string{"GLAUTH_LDAPS_CERT"},
+ Destination: &cfg.Ldaps.Cert,
+ },
+ &cli.StringFlag{
+ Name: "ldaps-key",
+ Value: "certs/server.key",
+ Usage: "path to ldaps key in PEM format",
+ EnvVars: []string{"GLAUTH_LDAPS_KEY"},
+ Destination: &cfg.Ldaps.Key,
+ },
 &cli.StringFlag{
 Name: "backend-datastore",
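Review bot: In the pkg/command/server.go hunk, `Cert` and `Key` are copied into `glauthcfg.LDAPS` with no check, so with LDAPS enabled an empty, missing or unreadable path would only surface wherever glauth loads the pair, which is not visible here. The defaults added in pkg/flagset/flagset.go (`certs/server.crt`, `certs/server.key`) are relative, so which private key is loaded depends on the working directory the service is started from. I would fail fast before the listener starts on a condition like `cfg.Ldaps.Enabled && (cfg.Ldaps.Cert == "" || cfg.Ldaps.Key == "")`, and resolve both paths with `filepath.Abs` so the startup log names the files actually used. Server's body starts and ends outside this hunk, so the exact place for the check cannot be confirmed from here.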
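Review bot: The new `Ldaps` struct in pkg/config/config.go leaves `Cert` and `Key` undocumented, so nothing tells a reader that they hold filesystem paths rather than PEM content, or that `Key` refers to private-key material. I would add field comments such as `// Cert is the path to the PEM-encoded server certificate.` and `// Key is the path to the PEM-encoded private key; the file should be readable only by the service user.` The type comment would also read better as `// Ldaps defines the available LDAPS configuration.`, although "defined" matches the wording on the neighbouring types.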