diff --git a/Custom-CA.md b/Custom-CA.md
new file mode 100644
index 0000000..8fedfd6
--- /dev/null
+++ b/Custom-CA.md
@@ -0,0 +1,53 @@
+When using TLS with a custom CA, there are a few variables that need to be set up.
+
+Make sure that on the docker host has the self-signed trusted CA certificate in the OS cert bundle (e.g. in Ubuntu / Debian `/etc/ssl/certs/ca-certificates.crt` or in RHEL `/etc/ssl/certs/ca-bundle.crt`). 
+
+## For GIT datasources
+
+For HTTPS repos, the Python `requests` package is used, which does not use the `SSL_CERT_FILE` environment variable. By default, `requests` is shipped with a dedicated (OS independent) trusted CA bundle. It relies on `certifi` as CA bundle source.
+In order to override this, override the env variable `REQUESTS_CA_BUNDLE`.
+
+Adjust the `/path/to/os/cert/file` and update the `docker-compose.override.yml` as follows:
+
+```yaml
+---
+services:
+  netbox:
+    environment:
+        REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
+    volumes:
+    volumes:
+      - /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
+  netbox-worker:
+    environment:
+        REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
+    volumes:
+    volumes:
+      - /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
+```
+
+This overrides the trusted CA certificates within the containers, with the trusted CA certificates of your Linux Docker host (which includes your private CA certificates as well).
+
+
+## For LDAPS
+
+Netbox [[LDAP]] uses django-ldap-auth which in turn uses the python-ldap package.
+This package currently does not support cert bundles with [EV data](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) which are often delivered by modern OS (e.g. in RHEL `/etc/ssl/certs/ca-bundle.trust.crt`)
+
+Make sure to use the cert bundle without the EV data (e.g. in RHEL `/etc/ssl/certs/ca-bundle.crt`)
+
+
+Adjust the `/path/to/os/cert/file` and update the `docker-compose.override.yml` as follows:
+
+```yaml
+---
+services:
+  netbox:
+    environment:
+      LDAP_IGNORE_CERT_ERRORS: False
+      LDAP_CA_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+    volumes:
+      - /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
+```
+
+This overrides the trusted CA certificates within the containers, with the trusted CA certificates of your Linux Docker host (which includes your private CA certificates as well).