diff --git a/.env.defaults b/.env.defaults
index b80b50ca96fc290556bf72b9528c4b75702cc38c..b4dfb6172add88c69bf0b23e42921c7b2bc15ba5 100644
--- a/.env.defaults
+++ b/.env.defaults
@@ -16,4 +16,6 @@ REDIS_PREFIX=ui-middleware
 REDIS_HOSTS=localhost:6379
 REDIS_USERNAME=
 REDIS_PASSWORD=
+REDIS_TLS_ENABLED=false
+REDIS_TLS_CA=
 ORIGINS=*
diff --git a/README.md b/README.md
index b3fc64eac1113029b496945f31b028b61e37df40..c6c24a0fcc7db0ebf90d23d7f27c1b04992d82f9 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,8 @@ It is possible to horizontally scale the UI Middleware, as more clients are fetc
 | `redis.username`         | `REDIS_USERNAME`           | Redis username                               | `""`                 |
 | `redis.password`         | `REDIS_PASSWORD`           | Redis password                               | `""`                 |
 | `redis.sidecar.image`    | N/A                        | Redis sidecar image                          | `"redis:latest"`     |
+| `redis.tls.enabled`      | `REDIS_TLS_ENABLED`        | Enable TLS for Redis                         | `false`              |
+| `redis.tls.ca`           | `REDIS_TLS_CA`             | PEM version of redis server CA certificate   | `""`                 |
 | `compressFileSize`       | `COMPRESS_FILE_SIZE`       | Larger files will be gzipped                 | `600`                |
 | `compressFileTypes`      | `COMPRESS_FILE_TYPES`      | Set of compression mime types                | application/javascript application/json application/x-javascript application/xml application/xml+rss text/css text/html text/javascript text/plain text/xml image/svg+xml |
 | `slowRequestThreshold`   | `SLOW_REQUEST_THRESHOLD`   | Slow request threshold in ms                 | `4000`               |
diff --git a/helm/core-ui-middleware/templates/deployment.yaml b/helm/core-ui-middleware/templates/deployment.yaml
index 1574374a841ffed7856e248664591ae328bfa925..c85ee1a7322cdd762bbb0d111b05f8cb1011816e 100644
--- a/helm/core-ui-middleware/templates/deployment.yaml
+++ b/helm/core-ui-middleware/templates/deployment.yaml
@@ -59,6 +59,15 @@ spec:
             {{- end }}
             - name: REDIS_PREFIX
               value: "{{ .Values.redis.prefix }}"
+            - name: REDIS_TLS_ENABLED
+              value: "{{ .Values.redis.tls.enabled }}"
+            {{- if .Values.redis.tls.enabled }}
+            - name: REDIS_TLS_CA
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "core-ui-middleware.redisSecret" . }}
+                  key: ca.crt
+            {{- end }}
           ports:
             - name: http
               containerPort: {{ .Values.containerPort | default 8080 }}
diff --git a/helm/core-ui-middleware/templates/redis-secret.yaml b/helm/core-ui-middleware/templates/redis-secret.yaml
index 749fdb448a38eca1a94e1901e18998eda6f18e4b..6d70bd00ba4909abf89ae95dc47ab1ca084cb8b5 100644
--- a/helm/core-ui-middleware/templates/redis-secret.yaml
+++ b/helm/core-ui-middleware/templates/redis-secret.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.redis.auth.enabled -}}
+{{- if or .Values.redis.auth.enabled  .Values.redis.tls.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,4 +7,5 @@ type: Opaque
 data:
   username: {{ .Values.redis.auth.username | b64enc | quote }}
   password: {{ .Values.redis.auth.password | b64enc | quote }}
+  ca.crt: {{ .Values.redis.auth.ca | b64enc | quote }}
 {{- end -}}
diff --git a/helm/core-ui-middleware/templates/updater.yaml b/helm/core-ui-middleware/templates/updater.yaml
index b71741e5b07aff375f143856f401f1112286cc9d..040467ec48d3993a56919d37384be43ac7b622aa 100644
--- a/helm/core-ui-middleware/templates/updater.yaml
+++ b/helm/core-ui-middleware/templates/updater.yaml
@@ -59,6 +59,15 @@ spec:
             {{- end }}
             - name: REDIS_PREFIX
               value: "{{ .Values.redis.prefix }}"
+            - name: REDIS_TLS_ENABLED
+              value: "{{ .Values.redis.tls.enabled }}"
+            {{- if .Values.redis.tls.enabled }}
+            - name: REDIS_TLS_CA
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "core-ui-middleware.redisSecret" . }}
+                  key: ca.crt
+            {{- end }}
           ports:
             - name: tcp-monitoring
               containerPort: 9090
diff --git a/helm/core-ui-middleware/values.yaml b/helm/core-ui-middleware/values.yaml
index 744916362deb358cf7e300870aa5d21898dc935d..0842833c935643c86476fd230e820a9731010bec 100644
--- a/helm/core-ui-middleware/values.yaml
+++ b/helm/core-ui-middleware/values.yaml
@@ -111,6 +111,9 @@ redis:
     - localhost:6379
   db: 0
   sentinelMasterId: "mymaster"
+  tls:
+    enabled: false
+    ca: ""
   auth:
     enabled: false
     username: ""
diff --git a/src/redis.js b/src/redis.js
index 70c03e21117640fcde772bc129317f2750d6c6fa..38d55bfb8918e0a06efbf6b688fc4b6e0261dad1 100644
--- a/src/redis.js
+++ b/src/redis.js
@@ -30,11 +30,18 @@ const hosts = (process.env.REDIS_HOSTS || '').split(',').map(host => {
   return { host: hostname, port: Number(port) }
 })
 
+const tlsOptions = {}
+if (process.env.REDIS_TLS_ENABLED === 'true') {
+  tlsOptions.tls = {}
+  if (process.env.REDIS_TLS_CA) tlsOptions.tls.ca = process.env.REDIS_TLS_CA
+}
+
 export function createClient (id, options = commonQueueOptions) {
   options = {
     username: process.env.REDIS_USERNAME,
     db: Number(process.env.REDIS_DB),
     password: process.env.REDIS_PASSWORD,
+    ...tlsOptions,
     ...options
   }