diff --git a/channeldb/kvdb/etcd/db.go b/channeldb/kvdb/etcd/db.go
index 3b961273..7698ed91 100644
--- a/channeldb/kvdb/etcd/db.go
+++ b/channeldb/kvdb/etcd/db.go
@@ -10,6 +10,7 @@ import (
 "github.com/btcsuite/btcwallet/walletdb"
 "github.com/coreos/etcd/clientv3"
+ "github.com/coreos/etcd/pkg/transport"
 )
 const (
@@ -130,6 +131,16 @@ type BackendConfig struct {
 // Pass is the password for the etcd peer.
 Pass string
+ // CertFile holds the path to the TLS certificate for etcd RPC.
+ CertFile string
+
+ // KeyFile holds the path to the TLS private key for etcd RPC.
+ KeyFile string
+
+ // InsecureSkipVerify should be set to true if we intend to
+ // skip TLS verification.
+ InsecureSkipVerify bool
+
 // CollectCommitStats indicates wheter to commit commit stats.
 CollectCommitStats bool
 }
@@ -137,12 +148,25 @@ type BackendConfig struct {
 // newEtcdBackend returns a db object initialized with the passed backend
 // config. If etcd connection cannot be estabished, then returns error.
 func newEtcdBackend(config BackendConfig) (*db, error) {
+ tlsInfo := transport.TLSInfo{
+ CertFile: config.CertFile,
+ KeyFile: config.KeyFile,
+ InsecureSkipVerify: config.InsecureSkipVerify,
+ }
+
+ tlsConfig, err := tlsInfo.ClientConfig()
+ if err != nil {
+ return nil, err
+ }
+
 cli, err := clientv3.New(clientv3.Config{
 Endpoints: []string{config.Host},
 DialTimeout: etcdConnectionTimeout,
 Username: config.User,
 Password: config.Pass,
+ TLS: tlsConfig,
 })
+
 if err != nil {
 return nil, err
 }
diff --git a/channeldb/kvdb/etcd/embed.go b/channeldb/kvdb/etcd/embed.go
index b996293c..8e6ce802 100644
--- a/channeldb/kvdb/etcd/embed.go
+++ b/channeldb/kvdb/etcd/embed.go
@@ -61,9 +61,10 @@ func NewEmbeddedEtcdInstance(path string) (*BackendConfig, func(), error) {
 }
 connConfig := &BackendConfig{
- Host: "http://" + peerURL,
- User: "user",
- Pass: "pass",
+ Host: "http://" + peerURL,
+ User: "user",
+ Pass: "pass",
+ InsecureSkipVerify: true,
 }
 return connConfig, func() {
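Review bot: BackendConfig gains a client certificate, a key and InsecureSkipVerify, but no field for a trusted CA, so an etcd server whose certificate is signed by a CA outside the system trust store can only be reached by switching verification off. That removes server authentication on a link that carries the etcd password and the channel database. transport.TLSInfo has a `TrustedCAFile` field; a matching config field, wired through newEtcdBackend, lncfg.EtcdDB and GetBackend, would let operators keep verification on. The field comment should also say what is lost, e.g. `// InsecureSkipVerify disables verification of the etcd server's certificate chain and host name; use for testing only.`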
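Review bot: In newEtcdBackend the TLS config is always built and handed to clientv3, but nothing checks that config.Host is an https endpoint. An operator who sets a certificate and key but leaves an http:// host may assume the link is encrypted while Username and Password are presumably still sent in cleartext; how clientv3 treats TLS settings on an http endpoint depends on the vendored version, so this should be confirmed. Rejecting the combination up front would make the misconfiguration visible, for example `if config.CertFile != "" && !strings.HasPrefix(config.Host, "https://") { return nil, fmt.Errorf("etcd TLS configured but host %q is not https", config.Host) }`. The error from `tlsInfo.ClientConfig()` is returned bare and cannot be told apart from a dial failure, so adding context to it would help. The function body continues outside the hunk.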
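Review bot: NewEmbeddedEtcdInstance sets `InsecureSkipVerify: true` next to a `Host` built with the `http://` scheme, so there appears to be no server certificate for the flag to skip, and the line reads as if it were required for the backend to work. Either drop it or add a comment such as `// Embedded instance serves plain HTTP on a local URL, so there is no certificate to verify.` so the setting is not copied into configuration for a real cluster. The function starts and ends outside the hunk.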
diff --git a/lncfg/db.go b/lncfg/db.go
index 4b887aa1..d303e58a 100644
--- a/lncfg/db.go
+++ b/lncfg/db.go
@@ -26,6 +26,12 @@ type EtcdDB struct {
 Pass string `long:"pass" description:"Password for the database user."`
+ CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
+
+ KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
+
+ InsecureSkipVerify bool `long:"insecure_skip_verify" description:"Whether we intend to skip TLS verification"`
+
 CollectStats bool `long:"collect_stats" description:"Wheter to collect etcd commit stats."`
 }
@@ -73,6 +79,9 @@ func (db *DB) GetBackend(path string) (kvdb.Backend, error) {
 Host: db.Etcd.Host,
 User: db.Etcd.User,
 Pass: db.Etcd.Pass,
+ CertFile: db.Etcd.CertFile,
+ KeyFile: db.Etcd.KeyFile,
+ InsecureSkipVerify: db.Etcd.InsecureSkipVerify,
 CollectCommitStats: db.Etcd.CollectStats,
 }
 return kvdb.Open(kvdb.EtcdBackendName, backendConfig)
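Review bot: The help text for `insecure_skip_verify` in EtcdDB, "Whether we intend to skip TLS verification", does not tell an operator what is given up by enabling it. A description such as `description:"Skip verification of the etcd server's TLS certificate and host name. Insecure: the connection can be intercepted; use for testing only."` states the consequence where the option is documented. The `cert_file` and `key_file` descriptions could also say that these are the client certificate and key presented to etcd, since the current wording could be read as the server's certificate.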