diff --git a/Changelog.md b/Changelog.md
index fd6a9d6a..39751631 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,6 +1,8 @@
 # Changelog
 **latest**
+- added SSL_KEY_PATH configuration option to specify path of ssl key.
+- added SSL_CERTIFICATE_PATH configuration option to specify path of ssl certificate
 - added GITLAB_HTTPS_ONLY configuration option to configure strict https only access
 - added SSL_SELF_SIGNED configuration option to specify use of self signed ssl certificates.
 - fix git over ssh when the default http/https ports are not used.
diff --git a/README.md b/README.md
index 9321a025..c2b33e92 100644
--- a/README.md
+++ b/README.md
@@ -463,6 +463,8 @@ Below is the complete list of available options that can be used to customize yo
 - **GITLAB_HTTPS**: Set to true to enable https support, disabled by default.
 - **GITLAB_HTTPS_ONLY**: Configure access over plain http when GITLAB_HTTPS is enabled. Should be set to false when using a load balancer. Defaults to true.
 - **SSL_SELF_SIGNED**: Set to true when using self signed ssl certificates. false by default.
+- **SSL_CERTIFICATE_PATH**: Location of the ssl certificate. Defaults to /home/git/data/certs/gitlab.crt
+- **SSL_KEY_PATH**: Location of the ssl key. Defaults to /home/git/data/certs/gitlab.key
 - **REDIS_HOST**: The hostname of the redis server. Defaults to localhost
 - **REDIS_PORT**: The connection port of the redis server. Defaults to 6379.
 - **UNICORN_WORKERS**: The number of unicorn workers to start. Defaults to 2.
diff --git a/assets/config/nginx/gitlab.https.permissive b/assets/config/nginx/gitlab.https.permissive
index 88ac792f..a03dead1 100644
--- a/assets/config/nginx/gitlab.https.permissive
+++ b/assets/config/nginx/gitlab.https.permissive
@@ -76,8 +76,8 @@ server {
   root /home/git/gitlab/public;
   ssl on;
-  ssl_certificate /home/git/data/certs/gitlab.crt;
-  ssl_certificate_key /home/git/data/certs/gitlab.key;
+  ssl_certificate {{SSL_CERTIFICATE_PATH}};
+  ssl_certificate_key {{SSL_KEY_PATH}};
   ssl_protocols SSLv3 TLSv1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
diff --git a/assets/config/nginx/gitlab.https.strict b/assets/config/nginx/gitlab.https.strict
index da95a61c..f107dd33 100644
--- a/assets/config/nginx/gitlab.https.strict
+++ b/assets/config/nginx/gitlab.https.strict
@@ -33,8 +33,8 @@ server {
   root /home/git/gitlab/public;
   ssl on;
-  ssl_certificate /home/git/data/certs/gitlab.crt;
-  ssl_certificate_key /home/git/data/certs/gitlab.key;
+  ssl_certificate {{SSL_CERTIFICATE_PATH}};
+  ssl_certificate_key {{SSL_KEY_PATH}};
   ssl_protocols SSLv3 TLSv1 TLSv1.2;
   ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
diff --git a/assets/init b/assets/init
index 47cbc724..d2d96be5 100755
--- a/assets/init
+++ b/assets/init
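Review bot: The new `ssl_certificate {{SSL_CERTIFICATE_PATH}};` and `ssl_certificate_key {{SSL_KEY_PATH}};` lines make the template invalid nginx until assets/init substitutes the placeholders, and nothing in the file says so; a comment above `ssl on;` such as `# {{SSL_CERTIFICATE_PATH}} and {{SSL_KEY_PATH}} are replaced by assets/init at container start` would tell the next reader why these are not real paths. The same change and the same comment apply to the gitlab.https.strict hunk below. Separately, the adjacent context line `ssl_protocols SSLv3 TLSv1 TLSv1.2;` still enables SSLv3 and omits TLSv1.1, which is worth revisiting in a follow-up even though this commit does not touch it. The enclosing `server` block starts and ends outside the hunk.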
@@ -12,6 +12,8 @@ GITLAB_SIGNIN=${GITLAB_SIGNIN:-true}
 GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-10}
 SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
+SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-/home/git/data/certs/gitlab.crt}
+SSL_KEY_PATH=${SSL_KEY_PATH:-/home/git/data/certs/gitlab.key}
 GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
 GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
@@ -163,6 +165,8 @@ fi
 sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/g' -i /etc/nginx/sites-available/gitlab
 sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-available/gitlab
+sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-available/gitlab
+sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-available/gitlab
 supervisorctl start nginx
 # start mysql server if ${DB_HOST} is localhost
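Review bot: The two added `sed` lines in the second hunk splice `${SSL_CERTIFICATE_PATH}` and `${SSL_KEY_PATH}` into the nginx config unescaped, so a value containing the `,` delimiter, `&` or `\` silently yields a broken or different `ssl_certificate` directive, and a path that does not exist is only discovered when `supervisorctl start nginx` fails on the next line. Checking that both files are readable before the substitution and escaping the sed-special characters would fail early with a clear message instead. Whether the files are guaranteed to be in place at this point of the script is not visible in the hunk, so the check may need to move if they are generated later. The surrounding script continues outside both hunks.
```shell
# … unchanged: GITLAB_HOST / GITLAB_PORT substitutions …
# fail early, before nginx starts, if the configured certificate or key is unreadable
# NOTE(review): assumes both files are already in place here — confirm against the rest of the script
for ssl_file in "${SSL_CERTIFICATE_PATH}" "${SSL_KEY_PATH}"; do
  if [ ! -r "${ssl_file}" ]; then
    echo "ERROR: ${ssl_file} does not exist or is not readable" >&2
    exit 1
  fi
done
# escape the characters sed treats specially in the replacement (\ , &) so an unusual path cannot alter the directive
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g' -e 's/&/\\\&/g'
}
sed 's,{{SSL_CERTIFICATE_PATH}},'"$(escape_sed_replacement "${SSL_CERTIFICATE_PATH}")"',' -i /etc/nginx/sites-available/gitlab
sed 's,{{SSL_KEY_PATH}},'"$(escape_sed_replacement "${SSL_KEY_PATH}")"',' -i /etc/nginx/sites-available/gitlab
# … unchanged: supervisorctl start nginx …
```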