diff --git a/.gitmodules b/.gitmodules
index 60d7b388..5f4c0aa6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "vcard4android"]
 path = vcard4android
 url = git@gitlab.com:bitfireAT/vcard4android.git
+[submodule "MemorizingTrustManager"]
+ path = MemorizingTrustManager
+ url = https://github.com/ge0rg/MemorizingTrustManager
diff --git a/MemorizingTrustManager b/MemorizingTrustManager
new file mode 160000
index 00000000..9e30ffdf
--- /dev/null
+++ b/MemorizingTrustManager
@@ -0,0 +1 @@
+Subproject commit 9e30ffdf7dc12744ab069d584febdc6a4ca0de7e
diff --git a/app/build.gradle b/app/build.gradle
index f409a523..0085164b 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -74,4 +74,6 @@ dependencies {
 compile project(':dav4android')
 compile project(':vcard4android')
+
+ compile project(':MemorizingTrustManager')
 }
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index aa59af4c..67fc06ad 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -103,6 +103,10 @@ android:label="@string/settings_title" android:parentActivityName=".ui.settings.SettingsActivity" > + + +
diff --git a/app/src/main/java/at/bitfire/davdroid/HttpClient.java b/app/src/main/java/at/bitfire/davdroid/HttpClient.java
index dd8fe88a..20193d73 100644
--- a/app/src/main/java/at/bitfire/davdroid/HttpClient.java
+++ b/app/src/main/java/at/bitfire/davdroid/HttpClient.java
@@ -8,23 +8,33 @@ package at.bitfire.davdroid;
+import android.content.Context;
 import android.os.Build;
 import com.squareup.okhttp.Authenticator;
+import com.squareup.okhttp.CertificatePinner;
 import com.squareup.okhttp.Credentials;
 import com.squareup.okhttp.Interceptor;
 import com.squareup.okhttp.OkHttpClient;
 import com.squareup.okhttp.Request;
 import com.squareup.okhttp.Response;
+import com.squareup.okhttp.internal.tls.OkHostnameVerifier;
 import com.squareup.okhttp.logging.HttpLoggingInterceptor;
 import java.io.IOException;
 import java.net.Proxy;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.text.SimpleDateFormat;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+
 import at.bitfire.dav4android.HttpUtils;
+import de.duenndns.ssl.MemorizingTrustManager;
 import lombok.RequiredArgsConstructor;
 public class HttpClient extends OkHttpClient {
@@ -48,16 +58,20 @@ public class HttpClient extends OkHttpClient {
 userAgent = "DAVdroid/" + BuildConfig.VERSION_NAME + " (" + date + "; dav4android) Android/" + Build.VERSION.RELEASE;
 }
+ final Context context;
 protected String username, password;
 public HttpClient() {
 super();
+ context = null;
 initialize();
 }
- public HttpClient(String username, String password, boolean preemptive) {
+ public HttpClient(Context context, String username, String password, boolean preemptive) {
 super();
+ this.context = context;
+
 initialize();
 // authentication
@@ -78,6 +92,8 @@ public class HttpClient extends OkHttpClient {
 */
 public HttpClient(HttpClient client, String host) {
 super();
+ context = client.context;
+
 initialize();
 username = client.username;
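Review bot: `com.squareup.okhttp.CertificatePinner` and `javax.net.ssl.HostnameVerifier` are added in the import hunk of HttpClient.java, but neither is referenced in any hunk of this commit; if nothing else in the file uses them, both imports should be dropped. An unused `CertificatePinner` import can suggest to a reader that pinning is in effect, whereas the new code delegates the trust decision to MemorizingTrustManager. Separately, `OkHostnameVerifier` is imported from OkHttp's `internal` package, which is not a stable API, so a short comment at its point of use saying why the internal class is needed would help the next OkHttp upgrade.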
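Review bot: `final Context context;` in the constructor hunk of HttpClient.java may be null (the no-argument constructor assigns `context = null`), and nothing at the declaration says that a null context means initialize() installs no MemorizingTrustManager, so the two constructors produce clients with different certificate-validation behaviour. I would document that on the field, e.g. `/** May be null; then the platform default trust manager and hostname verifier stay in place. */`. The field also holds whatever Context the caller passes for as long as the client lives; the type of `context` at the DavResourceFinder call site is not visible in this diff, so if it can be an Activity, consider keeping an application-level context instead, after confirming that MemorizingTrustManager accepts one. The body of the four-argument constructor continues past the end of the hunk.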
@@ -87,6 +103,21 @@ public class HttpClient extends OkHttpClient {
 protected void initialize() {
+ if (context != null) {
+ // use MemorizingTrustManager to manage self-signed certificates
+ MemorizingTrustManager mtm = new MemorizingTrustManager(context);
+ try {
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, new X509TrustManager[] { mtm }, null);
+ setSslSocketFactory(sc.getSocketFactory());
+ setHostnameVerifier(mtm.wrapHostnameVerifier(OkHostnameVerifier.INSTANCE));
+ } catch (NoSuchAlgorithmException e) {
+ Constants.log.error("Couldn't get SSL Context for MemorizingTrustManager", e);
+ } catch (KeyManagementException e) {
+ Constants.log.error("Key management error while initializing MemorizingTrustManager", e);
+ }
+ }
+
 // don't follow redirects automatically because this may rewrite DAV methods to GET
 setFollowRedirects(false);
diff --git a/app/src/main/java/at/bitfire/davdroid/resource/DavResourceFinder.java b/app/src/main/java/at/bitfire/davdroid/resource/DavResourceFinder.java
index b3413200..d0537b4a 100644
--- a/app/src/main/java/at/bitfire/davdroid/resource/DavResourceFinder.java
+++ b/app/src/main/java/at/bitfire/davdroid/resource/DavResourceFinder.java
@@ -55,7 +55,7 @@ public class DavResourceFinder {
 }
 public void findResources(final ServerInfo serverInfo) throws URISyntaxException, IOException, HttpException, DavException {
- final HttpClient httpClient = new HttpClient(serverInfo.getUserName(), serverInfo.getPassword(), serverInfo.authPreemptive);
+ final HttpClient httpClient = new HttpClient(context, serverInfo.getUserName(), serverInfo.getPassword(), serverInfo.authPreemptive);
 // CardDAV
 Constants.log.info("*** CardDAV resource detection ***");
diff --git a/app/src/main/java/at/bitfire/davdroid/syncadapter/ContactsSyncAdapterService.java b/app/src/main/java/at/bitfire/davdroid/syncadapter/ContactsSyncAdapterService.java
index 2d180864..86cd3e3d 100644
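Review bot: In HttpClient.initialize(), installing the MemorizingTrustManager socket factory together with `mtm.wrapHostnameVerifier(OkHostnameVerifier.INSTANCE)` makes both chain validation and hostname matching overridable by a remembered user decision for every client built with a non-null context, yet the block only carries the one-line remark about self-signed certificates. Please state the trust model where it is installed, for example `// A certificate or hostname that fails normal validation is accepted only if the user approved it; approvals are remembered.`, with the wording checked against the MemorizingTrustManager revision pinned by the submodule. The two catch blocks log and continue, which leaves the default trust manager and verifier in place; that is the safe direction, but the log messages should say that the client falls back to default validation, because the user will otherwise see plain handshake failures for a server they already approved. initialize() continues past the end of the hunk.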
--- a/app/src/main/java/at/bitfire/davdroid/syncadapter/ContactsSyncAdapterService.java
+++ b/app/src/main/java/at/bitfire/davdroid/syncadapter/ContactsSyncAdapterService.java
@@ -99,7 +99,7 @@ public class ContactsSyncAdapterService extends Service {
 Constants.log.info("Starting sync for authority " + authority);
 AccountSettings settings = new AccountSettings(getContext(), account);
- HttpClient httpClient = new HttpClient(settings.getUserName(), settings.getPassword(), settings.getPreemptiveAuth());
+ HttpClient httpClient = new HttpClient(getContext(), settings.getUserName(), settings.getPassword(), settings.getPreemptiveAuth());
 HttpUrl addressBookURL = HttpUrl.parse(settings.getAddressBookURL());
 DavAddressBook dav = new DavAddressBook(httpClient, addressBookURL);
diff --git a/dav4android b/dav4android
index 487f8d54..8258787d 160000
--- a/dav4android
+++ b/dav4android
@@ -1 +1 @@
-Subproject commit 487f8d544ffd1ade5751fa4768fc4062b86d9ac7
+Subproject commit 8258787df4c29697e76c683d1b9e4caea42205ec
diff --git a/settings.gradle b/settings.gradle
index 391e316e..2931f4d9 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -9,3 +9,4 @@ include ':app'
 include ':dav4android'
 include ':vcard4android'
+include ':MemorizingTrustManager'
diff --git a/vcard4android b/vcard4android
index 83de70fa..384de9ec 160000
--- a/vcard4android
+++ b/vcard4android
@@ -1 +1 @@
-Subproject commit 83de70faf59054a5ca3dec82f932cd071695034f
+Subproject commit 384de9ec6eab1ac36d875330599b2858ce6ba888