diff --git a/net/openvswitch/Makefile b/net/openvswitch/Makefile
index 9c23a2467..6883ba4ba 100644
--- a/net/openvswitch/Makefile
+++ b/net/openvswitch/Makefile
@@ -17,7 +17,7 @@ include ./openvswitch.mk
 #
 PKG_NAME:=openvswitch
 PKG_VERSION:=$(ovs_version)
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
 PKG_HASH:=7d5797f2bf2449c6a266149e88f72123540f7fe7f31ad52902057ae8d8f88c38
diff --git a/net/openvswitch/README.md b/net/openvswitch/README.md
index 5ed04d771..5cc8bbffe 100644
--- a/net/openvswitch/README.md
+++ b/net/openvswitch/README.md
@@ -69,6 +69,19 @@ ovs ovn_northd, ovn_controller & ovs_bridge. Each of these supports a disabled option, which should be set to 0 to launch the respective daemons.
+The ovs section section also supports the options below, to configure a set of
+SSL CA, certificate and private key. After adding these to Open vSwitch, you
+may specify ssl: connection methods for e.g. the OpenFlow controller. Note that
+Open vSwitch only reads these files during startup, so it needs to be restarted
+after adding or changing these options.
+
+| Name | Type | Required | Default | Description |
+|----------|---------|----------|---------|-----------------------------------|
+| disabled | boolean | no | 0 | If set to 1, do not configure SSL |
+| ca | string | no | (none) | Path to CA certificate |
+| cert | string | no | (none) | Path to certificate |
+| key | string | no | (none) | Path to private key |
+
 The ovs_bridge section also supports the options below, for initialising a virtual bridge with an OpenFlow controller.
diff --git a/net/openvswitch/files/openvswitch.config b/net/openvswitch/files/openvswitch.config
index 56900b888..c812b7dd6 100644
--- a/net/openvswitch/files/openvswitch.config
+++ b/net/openvswitch/files/openvswitch.config
@@ -1,5 +1,8 @@
 config ovs ovs
 option disabled 1
+ option ca '/etc/openvswitch/example_ca.crt'
+ option cert '/etc/openvswitch/example_cert.crt'
+ option key '/etc/openvswitch/example_key.crt'
 config ovn_northd north
 option disabled 1
diff --git a/net/openvswitch/files/openvswitch.init b/net/openvswitch/files/openvswitch.init
index 84ba17b62..229e6869b 100755
--- a/net/openvswitch/files/openvswitch.init
+++ b/net/openvswitch/files/openvswitch.init
@@ -90,6 +90,7 @@ ovs_xx() {
 ovs)
 "$ovs_ctl" "$action" \
 --system-id=random 1000>&-
+ ovs_set_ssl
 ;;
 ovn_*)
 "$ovn_ctl" "${action}_${cfgtype#ovn_}"
@@ -216,3 +217,14 @@ ovs_bridge_init() {
 [ -n "$controller" ] && \
 ovs-vsctl set-controller "$name" "$controller"
 }
+
+ovs_set_ssl() {
+ local ca="$(uci -q get openvswitch.ovs.ca)"
+ [ -f "$ca" ] || return
+ local cert="$(uci get openvswitch.ovs.cert)"
+ [ -f "$cert" ] || return
+ local key="$(uci get openvswitch.ovs.key)"
+ [ -f "$key" ] || return
+
+ ovs-vsctl set-ssl "$key" "$cert" "$ca"
+}
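Review bot: The sample `key` option points at `/etc/openvswitch/example_key.crt`, which names a private key as if it were a certificate; a name such as `example_key.pem` makes it harder to confuse the key with the two public files when setting file permissions. The three options are also shipped as active settings rather than comments, so a default install carries SSL paths to files that presumably do not exist. Consider shipping them commented out, e.g. `#option key '/etc/openvswitch/example_key.pem'`, with a one-line comment that the key file should not be world-readable.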
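Review bot: The new `ovs_set_ssl` call in the `ovs)` branch runs after `"$ovs_ctl" "$action"` whatever `$action` holds. If this branch is also reached for stop or status (the rest of `ovs_xx` is outside the hunk), `ovs-vsctl set-ssl` is attempted against a database that may no longer be running. Gating the call would avoid that, e.g. `case "$action" in start|restart) ovs_set_ssl ;; esac`. The exit status of `"$ovs_ctl"` is not checked before the SSL step either, so a failed start still goes on to `ovs-vsctl`.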
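Review bot: `ovs_set_ssl` returns silently when any of the three files is missing, so a typo in one path leaves Open vSwitch running without the SSL settings the administrator configured, and nothing in the log says so. The `cert` and `key` lookups also drop the `-q` that the `ca` lookup uses, so an unset option prints a uci error on start. The version below reads all three options quietly, stays silent only when none of them is set, and logs a warning before giving up. A check that the key file is not world-readable would fit in the same loop.

```shell
ovs_set_ssl() {
	local ca cert key f
	ca="$(uci -q get openvswitch.ovs.ca)"
	cert="$(uci -q get openvswitch.ovs.cert)"
	key="$(uci -q get openvswitch.ovs.key)"
	# No SSL option set at all: nothing to configure, nothing to report.
	[ -n "$ca$cert$key" ] || return 0

	for f in "$ca" "$cert" "$key"; do
		[ -f "$f" ] && continue
		logger -t openvswitch -p daemon.warn \
			"SSL not configured: '$f' is not a regular file"
		return 1
	done

	ovs-vsctl set-ssl "$key" "$cert" "$ca"
}
```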