diff --git a/modules/database/rds.tf b/modules/database/rds.tf
index ef99511..7371918 100644
--- a/modules/database/rds.tf
+++ b/modules/database/rds.tf
@@ -64,6 +64,7 @@ resource "aws_rds_cluster_instance" "cluster" {
   cluster_identifier = aws_rds_cluster.cluster.id
   instance_class     = var.database.instance_type
   apply_immediately  = var.instance_apply_immediately
+  ca_cert_identifier = var.ca_certificate_identifier
   tags               = merge(var.tags, { Name = "${var.name}-db" })
 
   lifecycle {
diff --git a/modules/database/variables.tf b/modules/database/variables.tf
index dd2cea5..0993677 100644
--- a/modules/database/variables.tf
+++ b/modules/database/variables.tf
@@ -88,3 +88,9 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "ca_certificate_identifier" {
+  description = "(Optional) The CA certificate identifier to use for the DB cluster's server certificate."
+  type        = string
+  default     = "rds-ca-rsa2048-g1"
+}