diff --git a/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs b/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs
index 89765ff..0adaed5 100644
--- a/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs
+++ b/DysonNetwork.Gateway/Startup/ServiceCollectionExtensions.cs
@@ -1,5 +1,6 @@
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using DysonNetwork.Shared.Registry;
-using Microsoft.AspNetCore.Http.Timeouts;
 using Yarp.ReverseProxy.Configuration;
 
 namespace DysonNetwork.Gateway.Startup;
@@ -9,7 +10,21 @@ public static class ServiceCollectionExtensions
 public static IServiceCollection AddGateway(this IServiceCollection services, IConfiguration configuration)
 {
 services.AddRequestTimeouts();
- services.AddReverseProxy();
+
+ services
+ .AddReverseProxy()
+ .ConfigureHttpClient((context, handler) =>
+ {
+ var caCert = X509CertificateLoader.LoadCertificateFromFile(configuration["CaCert"]!);
+ handler.SslOptions = new SslClientAuthenticationOptions
+ {
+ RemoteCertificateValidationCallback = (sender, cert, chain, errors) =>
+ {
+ return chain.ChainElements
+ .Any(e => e.Certificate.Thumbprint == caCert.Thumbprint);
+ }
+ };
+ });
 
 services.AddRegistryService(configuration);
 services.AddSingleton();
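Review bot: The `RemoteCertificateValidationCallback` added in `AddGateway` never reads `errors` and only tests whether some element of `chain.ChainElements` carries the CA's thumbprint, so a name mismatch or an expired certificate is accepted, and, as far as the visible lines show, so is a chain whose elements failed signature or validity checks, because element status is not inspected. Finding the CA certificate among the chain elements is not the same as the chain validating up to that CA. Since the code already relies on `X509CertificateLoader`, the runtime should also offer `SslClientAuthenticationOptions.CertificateChainPolicy`, which pins the CA while keeping the default hostname and chain validation: `var policy = new X509ChainPolicy { TrustMode = X509ChainTrustMode.CustomRootTrust };`, `policy.CustomTrustStore.Add(caCert);`, `handler.SslOptions.CertificateChainPolicy = policy;`, with `RevocationMode` chosen deliberately for a private CA. Assigning a fresh `SslClientAuthenticationOptions` may also discard TLS settings the proxy had already placed on the handler, `chain` is nullable in this callback, and `configuration["CaCert"]!` hides a missing setting until the handler is first configured instead of failing at startup. The method body continues past the end of the hunk.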