diff --git a/cli/root.go b/cli/root.go
index 56609ae4..63fba028 100644
--- a/cli/root.go
+++ b/cli/root.go
@@ -14,6 +14,8 @@
 package cli
 
 import (
+	"crypto/tls"
+	"net/http"
 	"net/url"
 	"os"
 	"path"
@@ -31,10 +33,11 @@ import (
 )
 
 var (
-	verbose         bool
-	alertmanagerURL *url.URL
-	output          string
-	timeout         time.Duration
+	verbose               bool
+	alertmanagerURL       *url.URL
+	output                string
+	timeout               time.Duration
+	tlsInsecureSkipVerify bool
 
 	configFiles = []string{os.ExpandEnv("$HOME/.config/amtool/config.yml"), "/etc/amtool/config.yml"}
 	legacyFlags = map[string]string{"comment_required": "require-comment"}
@@ -78,6 +81,13 @@ func NewAlertmanagerClient(amURL *url.URL) *client.Alertmanager {
 
 	cr := clientruntime.New(address, path.Join(amURL.Path, defaultAmApiv2path), schemes)
 
+	if tlsInsecureSkipVerify {
+		transport := http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+		cr.Transport = &transport
+	}
+
 	if amURL.User != nil {
 		password, _ := amURL.User.Password()
 		cr.DefaultAuthentication = clientruntime.BasicAuth(amURL.User.Username(), password)
@@ -98,6 +108,7 @@ func Execute() {
 	app.Flag("alertmanager.url", "Alertmanager to talk to").URLVar(&alertmanagerURL)
 	app.Flag("output", "Output formatter (simple, extended, json)").Short('o').Default("simple").EnumVar(&output, "simple", "extended", "json")
 	app.Flag("timeout", "Timeout for the executed command").Default("30s").DurationVar(&timeout)
+	app.Flag("tls.insecure.skip.verify", "Skip TLS certificate verification").BoolVar(&tlsInsecureSkipVerify)
 
 	app.Version(version.Print("amtool"))
 	app.GetFlag("help").Short('h')
@@ -152,5 +163,9 @@ static configuration:
 
 	date.format
 		Sets the output format for dates. Defaults to "2006-01-02 15:04:05 MST"
+
+	tls.insecure.skip.verify
+		Skips TLS certificate verification for all HTTPS requests.
+		Defaults to false.
 `
 )