diff --git a/docs/resources/cdn_sslcert.md b/docs/resources/cdn_sslcert.md
index 28a1cfe..26ee167 100644
--- a/docs/resources/cdn_sslcert.md
+++ b/docs/resources/cdn_sslcert.md
@@ -51,6 +51,7 @@ resource "gcore_cdn_sslcert" "lets_encrypt_cert" {
 - `automated` (Boolean) The way SSL certificate was issued.
 - `cert` (String, Sensitive) The public part of the SSL certificate. All chain of the SSL certificate should be added.
 - `private_key` (String, Sensitive) The private key of the SSL certificate.
+- `validate_root_ca` (Boolean) Defines whether to check the SSL certificate for a signature from a trusted certificate authority.
 
 ### Read-Only
 
diff --git a/gcore/resource_gcore_cdn_sslcerts.go b/gcore/resource_gcore_cdn_sslcerts.go
index 634e096..dbdce74 100644
--- a/gcore/resource_gcore_cdn_sslcerts.go
+++ b/gcore/resource_gcore_cdn_sslcerts.go
@@ -47,6 +47,12 @@ func resourceCDNCert() *schema.Resource {
 				ForceNew:    true,
 				Description: "The way SSL certificate was issued.",
 			},
+			"validate_root_ca": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "Defines whether to check the SSL certificate for a signature from a trusted certificate authority.",
+			},
 		},
 		CreateContext: resourceCDNCertCreate,
 		ReadContext:   resourceCDNCertRead,
@@ -65,6 +71,7 @@ func resourceCDNCertCreate(ctx context.Context, d *schema.ResourceData, m interf
 	req.Name = d.Get("name").(string)
 	req.Cert = d.Get("cert").(string)
 	req.PrivateKey = d.Get("private_key").(string)
+	req.ValidateRootCA = d.Get("validate_root_ca").(bool)
 
 	if d.Get("automated") != nil {
 		req.Automated = d.Get("automated").(bool)