diff --git a/README.rst b/README.rst
index a4667475..499c833f 100644
--- a/README.rst
+++ b/README.rst
@@ -67,6 +67,7 @@ In order to use GCM, you are required to include ``GCM_API_KEY``.
 For APNS, you are required to include ``APNS_CERTIFICATE``.
 
 - ``APNS_CERTIFICATE``: Absolute path to your APNS certificate file. Certificates with passphrases are not supported.
+- ``APNS_CA_CERTIFICATES``: Absolute path to a CA certificates file for APNS. Optional - do not set if not needed. Defaults to None.
 - ``GCM_API_KEY``: Your API key for GCM.
 - ``APNS_HOST``: The hostname used for the APNS sockets.
    - When ``DEBUG=True``, this defaults to ``gateway.sandbox.push.apple.com``.
diff --git a/push_notifications/apns.py b/push_notifications/apns.py
index 0e29abf2..00a6879e 100644
--- a/push_notifications/apns.py
+++ b/push_notifications/apns.py
@@ -45,8 +45,10 @@ def _apns_create_socket(address_tuple):
 	except Exception as e:
 		raise ImproperlyConfigured("The APNS certificate file at %r is not readable: %s" % (certfile, e))
 
+	ca_certs = SETTINGS.get("APNS_CA_CERTIFICATES")
+
 	sock = socket.socket()
-	sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, certfile=certfile)
+	sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, certfile=certfile, ca_certs=ca_certs)
 	sock.connect(address_tuple)
 
 	return sock