diff --git a/README.md b/README.md
index 27be2b5..3946df5 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ You should see output showing the tables in the mssql database.
| [auto\_minor\_version\_upgrade](#input\_auto\_minor\_version\_upgrade) | n/a | `bool` | `true` | no |
| [backup\_retention\_period](#input\_backup\_retention\_period) | The days to retain backups for. Default 7 | `number` | `7` | no |
| [backup\_window](#input\_backup\_window) | n/a | `string` | `"03:00-06:00"` | no |
+| [ca\_cert\_identifier](#input\_ca\_cert\_identifier) | Specifies the identifier of the CA certificate for the DB instance | `string` | `"rds-ca-rsa2048-g1"` | no |
| [create\_random\_password](#input\_create\_random\_password) | Determines whether to create random password for RDS primary cluster | `bool` | `true` | no |
| [deletion\_protection](#input\_deletion\_protection) | n/a | `bool` | `false` | no |
| [instance\_class](#input\_instance\_class) | Instance classes for instances created under the cluster | `string` | `"db.r5.xlarge"` | no |
diff --git a/main.tf b/main.tf
index cdd1460..19b768b 100644
--- a/main.tf
+++ b/main.tf
@@ -23,6 +23,7 @@ module "mssql-db" {
major_engine_version = "15.00"
auto_minor_version_upgrade = var.auto_minor_version_upgrade
instance_class = var.instance_class
+ ca_cert_identifier = var.ca_cert_identifier
allocated_storage = var.allocated_storage
diff --git a/variables.tf b/variables.tf
index 25a90af..4a3331f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -137,3 +137,9 @@ variable "s3_integration_role_arn" {
default = ""
nullable = false
}
+
+variable "ca_cert_identifier" {
+ description = "Specifies the identifier of the CA certificate for the DB instance"
+ type = string
+ default = "rds-ca-rsa2048-g1"
+}