diff --git a/Changelog.md b/Changelog.md
index 1145ea38..611f3799 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,7 @@ This file only reflects the changes that are made in this image. Please refer to
 
 **latest**
 - `envsubst` is now used for updating the configurations
+- renamed config `CA_CERTIFICATES_PATH` to `SSL_CA_CERTIFICATES_PATH`
 
 **8.2.3**
 - fixed static asset routing when `GITLAB_RELATIVE_URL_ROOT` is used.
diff --git a/README.md b/README.md
index a5acb3fc..02348783 100644
--- a/README.md
+++ b/README.md
@@ -609,7 +609,7 @@ There you have it, thats all there is to it.
 
 If your GitLab CI server is using self-signed SSL certificates then you should make sure the GitLab CI server certificate is trusted on the GitLab server for them to be able to talk to each other.
 
-The default path image is configured to look for the trusted SSL certificates is at `/home/git/data/certs/ca.crt`, this can however be changed using the `CA_CERTIFICATES_PATH` configuration option.
+The default path image is configured to look for the trusted SSL certificates is at `/home/git/data/certs/ca.crt`, this can however be changed using the `SSL_CA_CERTIFICATES_PATH` configuration option.
 
 Copy the `ca.crt` file into the certs directory on the [datastore](#data-store). The `ca.crt` file should contain the root certificates of all the servers you want to trust. With respect to GitLab CI, this will be the contents of the gitlab_ci.crt file as described in the [README](https://github.com/sameersbn/docker-gitlab-ci/blob/master/README.md#ssl) of the [docker-gitlab-ci](https://github.com/sameersbn/docker-gitlab-ci) container.
 
@@ -793,8 +793,8 @@ Below is the complete list of available options that can be used to customize yo
 - **SSL_CERTIFICATE_PATH**: Location of the ssl certificate. Defaults to `/home/git/data/certs/gitlab.crt`
 - **SSL_KEY_PATH**: Location of the ssl private key. Defaults to `/home/git/data/certs/gitlab.key`
 - **SSL_DHPARAM_PATH**: Location of the dhparam file. Defaults to `/home/git/data/certs/dhparam.pem`
-- **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
-- **CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
+- **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `SSL_CA_CERTIFICATES_PATH` file. Defaults to `false`
+- **SSL_CA_CERTIFICATES_PATH**: List of SSL certificates to trust. Defaults to `/home/git/data/certs/ca.crt`.
 - **NGINX_WORKERS**: The number of nginx workers to start. Defaults to `1`.
 - **NGINX_PROXY_BUFFERING**: Enable `proxy_buffering`. Defaults to `off`.
 - **NGINX_ACCEL_BUFFERING**: Enable `X-Accel-Buffering` header. Default to `no`
diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl
index 447cec94..b57edf1a 100644
--- a/assets/runtime/config/nginx/gitlab-ssl
+++ b/assets/runtime/config/nginx/gitlab-ssl
@@ -80,7 +80,7 @@ server {
   ssl_certificate {{SSL_CERTIFICATE_PATH}};
   ssl_certificate_key {{SSL_KEY_PATH}};
   ssl_verify_client {{SSL_VERIFY_CLIENT}};
-  ssl_client_certificate {{CA_CERTIFICATES_PATH}};
+  ssl_client_certificate {{SSL_CA_CERTIFICATES_PATH}};
 
   # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
   ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
index 3e940440..0fa997be 100644
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@@ -90,7 +90,8 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 
-CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}
+SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$CA_CERTIFICATES_PATH} # backward compatibility
+SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}
 
 ## BACKUPS
 GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
diff --git a/assets/runtime/functions b/assets/runtime/functions
index a4d10102..3d85d8cc 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -681,8 +681,8 @@ nginx_configure_gitlab_ssl() {
   if [[ ${GITLAB_HTTPS} == true && -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
     echo "Configuring nginx::gitlab::ssl..."
 
-    if [[ ! -f ${CA_CERTIFICATES_PATH} ]]; then
-      sed -i "/{{CA_CERTIFICATES_PATH}}/d" ${GITLAB_NGINX_CONFIG}
+    if [[ ! -f ${SSL_CA_CERTIFICATES_PATH} ]]; then
+      sed -i "/{{SSL_CA_CERTIFICATES_PATH}}/d" ${GITLAB_NGINX_CONFIG}
     fi
 
     if [[ ${GITLAB_HTTPS_HSTS_ENABLED} != true ]]; then
@@ -694,7 +694,7 @@ nginx_configure_gitlab_ssl() {
       SSL_KEY_PATH \
       SSL_DHPARAM_PATH \
       SSL_VERIFY_CLIENT \
-      CA_CERTIFICATES_PATH \
+      SSL_CA_CERTIFICATES_PATH \
       GITLAB_HTTPS_HSTS_MAXAGE
   fi
 }
@@ -761,10 +761,10 @@ map_uidgid() {
 }
 
 update_ca_certificates() {
-  if [[ -f ${SSL_CERTIFICATE_PATH} || -f ${CA_CERTIFICATES_PATH} ]]; then
+  if [[ -f ${SSL_CERTIFICATE_PATH} || -f ${SSL_CA_CERTIFICATES_PATH} ]]; then
     echo "Updating CA certificates..."
     [[ -f ${SSL_CERTIFICATE_PATH} ]] && cp "${SSL_CERTIFICATE_PATH}" /usr/local/share/ca-certificates/gitlab.crt
-    [[ -f ${CA_CERTIFICATES_PATH} ]] && cp "${CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
+    [[ -f ${SSL_CA_CERTIFICATES_PATH} ]] && cp "${SSL_CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
     update-ca-certificates --fresh >/dev/null
   fi
 }