diff --git a/ch_tools/chadmin/cli/zookeeper_group.py b/ch_tools/chadmin/cli/zookeeper_group.py
index 154106c5..df258eff 100644
--- a/ch_tools/chadmin/cli/zookeeper_group.py
+++ b/ch_tools/chadmin/cli/zookeeper_group.py
@@ -23,6 +23,12 @@
 @group("zookeeper")
 @option("--port", help="ZooKeeper port.", type=int, default=2181)
 @option("--host", help="ZooKeeper host.", type=str)
+@option("--secure", help="Use secure connection.", default=False, is_flag=True)
+@option(
+    "--verify-ssl-certs/--no-verify-ssl-certs",
+    help="Check or not SSL Certificates in secure connection.",
+    default=True,
+)
 @option("--timeout", help="ZooKeeper timeout.", default=10)
 @option(
     "--zkcli-identity",
@@ -52,7 +58,16 @@
 )
 @pass_context
 def zookeeper_group(
-    ctx, host, port, timeout, zkcli_identity, no_chroot, no_ch_config, zk_root_path
+    ctx,
+    host,
+    secure,
+    verify_ssl_certs,
+    port,
+    timeout,
+    zkcli_identity,
+    no_chroot,
+    no_ch_config,
+    zk_root_path,
 ):
     """ZooKeeper management commands.
 
@@ -64,6 +79,8 @@ def zookeeper_group(
     ctx.obj["zk_client_args"] = {
         "port": port,
         "host": host,
+        "use_ssl": secure,
+        "verify_ssl_certs": verify_ssl_certs,
         "timeout": timeout,
         "zkcli_identity": zkcli_identity,
         "no_chroot": no_chroot,
diff --git a/ch_tools/chadmin/internal/zookeeper.py b/ch_tools/chadmin/internal/zookeeper.py
index 9116128b..13e1f768 100644
--- a/ch_tools/chadmin/internal/zookeeper.py
+++ b/ch_tools/chadmin/internal/zookeeper.py
@@ -303,6 +303,8 @@ def _get_zk_client(ctx):
     args = ctx.obj.get("zk_client_args", {})
     host = args.get("host")
     port = args.get("port", 2181)
+    use_ssl = args.get("use_ssl", False)
+    verify_ssl_certs = args.get("verify_ssl_certs", True)
     timeout = args.get("timeout", 10)
     zkcli_identity = args.get("zkcli_identity")
     no_chroot = args.get("no_chroot", False)
@@ -334,5 +336,10 @@ def _get_zk_client(ctx):
         auth_data = [("digest", zkcli_identity)]
 
     return KazooClient(
-        connect_str, auth_data=auth_data, timeout=timeout, logger=logging.getLogger()
+        connect_str,
+        auth_data=auth_data,
+        timeout=timeout,
+        logger=logging.getLogger(),
+        use_ssl=use_ssl,
+        verify_certs=verify_ssl_certs,
     )