diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 2f1f9bd46..6d850dc90 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -195,6 +195,7 @@ class Config(dict):
         'DB_PORT': 3306,
         'DB_USER': 'root',
         'DB_PASSWORD': '',
+        'DB_USE_SSL': False,
         'REDIS_HOST': '127.0.0.1',
         'REDIS_PORT': 6379,
         'REDIS_PASSWORD': '',
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index 5abe913cd..84f9215fa 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -198,13 +198,12 @@ DATABASES = {
     }
 }
 
-DB_CA_PATH = os.path.join(CERTS_DIR, 'db_ca.pem')
-DB_USE_SSL = False
+DB_USE_SSL = CONFIG.DB_USE_SSL
 if CONFIG.DB_ENGINE.lower() == 'mysql':
     DB_OPTIONS['init_command'] = "SET sql_mode='STRICT_TRANS_TABLES'"
-    if os.path.isfile(DB_CA_PATH):
+    if DB_USE_SSL:
+        DB_CA_PATH = exist_or_default(os.path.join(CERTS_DIR, 'db_ca.pem'), None)
         DB_OPTIONS['ssl'] = {'ca': DB_CA_PATH}
-        DB_USE_SSL = True
 
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators