diff --git a/client/registry.go b/client/registry.go
index 50f6af3..1a0c7b9 100644
--- a/client/registry.go
+++ b/client/registry.go
@@ -9,11 +9,12 @@ func GetRegistryBody(d *schema.ResourceData) models.RegistryBody {
 	regType, _ := GetRegistryType(d.Get("provider_name").(string))
 
 	body := models.RegistryBody{
-		Description: d.Get("description").(string),
-		Insecure:    d.Get("insecure").(bool),
-		Name:        d.Get("name").(string),
-		Type:        regType,
-		URL:         d.Get("endpoint_url").(string),
+		Description:   d.Get("description").(string),
+		Insecure:      d.Get("insecure").(bool),
+		Name:          d.Get("name").(string),
+		Type:          regType,
+		URL:           d.Get("endpoint_url").(string),
+		CACertificate: d.Get("ca_certificate").(string),
 	}
 
 	body.Credential.AccessKey = d.Get("access_id").(string)
@@ -26,12 +27,13 @@ func GetRegistryBody(d *schema.ResourceData) models.RegistryBody {
 func GetRegistryUpdateBody(d *schema.ResourceData) models.RegistryUpdateBody {
 
 	body := models.RegistryUpdateBody{
-		AccessKey:    d.Get("access_id").(string),
-		AccessSecret: d.Get("access_secret").(string),
-		Description:  d.Get("description").(string),
-		Insecure:     d.Get("insecure").(bool),
-		Name:         d.Get("name").(string),
-		URL:          d.Get("endpoint_url").(string),
+		AccessKey:     d.Get("access_id").(string),
+		AccessSecret:  d.Get("access_secret").(string),
+		Description:   d.Get("description").(string),
+		Insecure:      d.Get("insecure").(bool),
+		Name:          d.Get("name").(string),
+		URL:           d.Get("endpoint_url").(string),
+		CACertificate: d.Get("ca_certificate").(string),
 	}
 
 	return body
diff --git a/docs/data-sources/registry.md b/docs/data-sources/registry.md
index b254bad..4d72978 100644
--- a/docs/data-sources/registry.md
+++ b/docs/data-sources/registry.md
@@ -33,7 +33,8 @@ output "harbor_registry_id" {
 - `description` (String) The description of the external container register.
 - `id` (String) The ID of this resource.
 - `insecure` (Boolean) If the certificate of the external container register can be verified.
-- `registry_id` (Number) The id of the register within harbor.
+- `registry_id` (Number) The ID of the register within harbor.
 - `status` (String) The health status of the external container register
 - `type` (String) The type of the provider type.
-- `url` (String) The url endpoint for the external container register
+- `url` (String) The URL endpoint for the external container register
+- `ca_certificate` (String) The PEM-encoded CA certificate trusting the registry
\ No newline at end of file
diff --git a/docs/resources/registry.md b/docs/resources/registry.md
index f7f7472..647677d 100644
--- a/docs/resources/registry.md
+++ b/docs/resources/registry.md
@@ -14,9 +14,9 @@ description: |-
 
 ```terraform
 resource "harbor_registry" "main" {
-  provider_name = "docker-hub"
-  name          = "test_docker_harbor"
-  endpoint_url  = "https://hub.docker.com"
+  provider_name  = "docker-hub"
+  name           = "test_docker_harbor"
+  endpoint_url   = "https://hub.docker.com"
 }
 ```
 
@@ -24,7 +24,7 @@ resource "harbor_registry" "main" {
 
 ### Required
 
-- `endpoint_url` (String) The url endpoint for the external container register ie `"https://hub.docker.com"`
+- `endpoint_url` (String) The URL endpoint for the external container register i.e. `"https://hub.docker.com"`
 - `name` (String) The name of the register.
 - `provider_name` (String) The name of the provider.
 
@@ -46,10 +46,12 @@ resource "harbor_registry" "main" {
 
 ### Optional
 
-- `access_id` (String) The username / access id for the external container register.
-- `access_secret` (String, Sensitive) The password / access keys / token for the external container register.
+- `access_id` (String) The username / access ID for the external container register.
+- `access_secret` (String, Sensitive) The password / access key / token for the external container register.
 - `description` (String) The description of the external container register.
 - `insecure` (Boolean) Verifies the certificate of the external container register. (Default: `false`)
+- `ca_certificate` (String) PEM-encoded CA certificate trusting the registry custom-signed certificate.
+(ignored in <2.15.0)
 
 ### Read-Only
 
@@ -58,6 +60,7 @@ resource "harbor_registry" "main" {
 - `status` (String)
 
 ## Import
+
 Import is supported using the following syntax with the `registry` `id`:
 
 ```shell
diff --git a/models/registry.go b/models/registry.go
index 4094bc0..c013724 100644
--- a/models/registry.go
+++ b/models/registry.go
@@ -9,14 +9,15 @@ type RegistryBody struct {
 		AccessSecret string `json:"access_secret,omitempty"`
 		Type         string `json:"type,omitempty"`
 	} `json:"credential,omitempty"`
-	UpdateTime   string `json:"update_time,omitempty"`
-	Name         string `json:"name,omitempty"`
-	URL          string `json:"url,omitempty"`
-	Insecure     bool   `json:"insecure,omitempty"`
-	CreationTime string `json:"creation_time,omitempty"`
-	Type         string `json:"type,omitempty"`
-	ID           int    `json:"id,omitempty"`
-	Description  string `json:"description,omitempty"`
+	UpdateTime    string `json:"update_time,omitempty"`
+	Name          string `json:"name,omitempty"`
+	URL           string `json:"url,omitempty"`
+	Insecure      bool   `json:"insecure,omitempty"`
+	CreationTime  string `json:"creation_time,omitempty"`
+	Type          string `json:"type,omitempty"`
+	ID            int    `json:"id,omitempty"`
+	Description   string `json:"description,omitempty"`
+	CACertificate string `json:"ca_certificate,omitempty"`
 }
 
 type RegistryUpdateBody struct {
@@ -27,4 +28,5 @@ type RegistryUpdateBody struct {
 	URL            string `json:"url,omitempty"`
 	Insecure       bool   `json:"insecure"`
 	Description    string `json:"description"`
+	CACertificate  string `json:"ca_certificate"`
 }
diff --git a/provider/data_registry.go b/provider/data_registry.go
index 76cd661..e258e20 100644
--- a/provider/data_registry.go
+++ b/provider/data_registry.go
@@ -43,6 +43,10 @@ func dataRegistry() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"ca_certificate": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -74,6 +78,7 @@ func dataRegistryRead(d *schema.ResourceData, m interface{}) error {
 			d.Set("url", v.URL)
 			d.Set("insecure", v.Insecure)
 			d.Set("status", v.Status)
+			d.Set("ca_certificate", v.CACertificate)
 		}
 	}
 
diff --git a/provider/resource_registry.go b/provider/resource_registry.go
index 26c7677..14c6bb6 100644
--- a/provider/resource_registry.go
+++ b/provider/resource_registry.go
@@ -46,6 +46,11 @@ func resourceRegistry() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"ca_certificate": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "",
+			},
 			"status": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -109,6 +114,7 @@ func resourceRegistryRead(d *schema.ResourceData, m interface{}) error {
 	d.Set("endpoint_url", jsonData.URL)
 	d.Set("access_id", jsonData.Credential.AccessKey)
 	d.Set("insecure", jsonData.Insecure)
+	d.Set("ca_certificate", jsonData.CACertificate)
 	d.Set("status", jsonData.Status)
 	d.Set("registry_id", jsonData.ID)
 	d.Set("provider_name", registryName)