diff --git a/Gopkg.toml b/Gopkg.toml
index 8e8e9943dd0a00009a9626d49bf8a20ae8e28e05..1e5c022553c12ab6426fb4b8bbe8cc54173a54ba 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -1,5 +1,5 @@
 [[constraint]]
-  branch = "master"
+  branch = "142-Implement_CA_cert"
   name = "code.vereign.com/code/viam-apis"
 
 [[constraint]]
diff --git a/config.yaml.sample b/config.yaml.sample
index c4ee562f13f66c1dfc7a6f0ecdf52997f44fc08e..1ee2d92b8a78a1c7cab3001a72a679b71314c503 100644
--- a/config.yaml.sample
+++ b/config.yaml.sample
@@ -1,13 +1,32 @@
-dataStorageClientUrl: localhost:7777
-grpcClientUrl: localhost:7877
-restClientUrl: localhost:7878
+# Make sure you have a "config.yaml" file on the root folder of this repo
 
-# Certificate Related Config
+# You can use this sample YAML file to configure your installation
+
+# Connection Information
+dataStorageUrl: localhost:7777
+grpcListenAddress: localhost:7877
+restListenAddress: localhost:7878
+
+# Choose a certificate method for providing PEM strings
+# 1 = Read from file (*.crt and *.key files)
+# 2 = Read from Vault server (this will require additional config information for Vault)
+certificateMethod: 1
+
+# Read Certificates From Folder and Files
 certDir: cert
 certFile: server.crt
 certKey: server.key
 vereignCertFile: vereign_ca.cer
 vereignCertKey: vereign_ca.key
+caCertFile: ca.crt
 
 # Maximum Message Size (in megabytes)
-maxMessageSize: 32
\ No newline at end of file
+maxMessageSize: 32
+
+# Read Certificates From Vault Server
+vaultAddress: http://10.6.10.119:8200
+vaultToken: 00000000-0000-0000-0000-000000000000
+vaultPath: /developers/data/devteam/cert
+certificateKey: certificateKey
+privateKey: privateKey
+caCertificateKey: caCertificateKey
diff --git a/handler/generate_keypair.go b/handler/generate_keypair.go
index 6281655cf8e23126240140493032110167735fe4..1a7e20ed3133d461eaaf3be201756b3ffed96382 100644
--- a/handler/generate_keypair.go
+++ b/handler/generate_keypair.go
@@ -39,7 +39,7 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context,
 	auth := s.CreateAuthentication(ctx)
 
 	client := &client.DataStorageClientImpl{}
-	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.MaxMessageSize)
+	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.KeyFilePath, s.CaCertFilePath, s.MaxMessageSize)
 	defer client.CloseClient()
 
 	generateKeyPairResponse := &api.GenerateKeyPairResponse{}
diff --git a/handler/handler.go b/handler/handler.go
index 0f55be7d3340d4a8926d9bd92bef39e5457f1aab..fac6e94d1b167a93fabceb2c157b913340ed6448 100644
--- a/handler/handler.go
+++ b/handler/handler.go
@@ -36,6 +36,8 @@ import (
 type KeyStorageServerImpl struct {
 	DataStorageUrl            string
 	CertFilePath              string
+	KeyFilePath 			  string
+	CaCertFilePath			  string
 	VereignCertFilePath       string
 	VereignPrivateKeyFilePath string
 	MaxMessageSize			  int
@@ -61,7 +63,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	auth := s.CreateAuthentication(ctx)
 
 	client := &client.DataStorageClientImpl{}
-	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.MaxMessageSize)
+	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.KeyFilePath, s.CaCertFilePath, s.MaxMessageSize)
 	defer client.CloseClient()
 
 	getKeyResponse := &api.GetKeyResponse{}
@@ -108,7 +110,7 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 	auth := s.CreateAuthentication(ctx)
 
 	client := &client.DataStorageClientImpl{}
-	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.MaxMessageSize)
+	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.KeyFilePath, s.CaCertFilePath, s.MaxMessageSize)
 	defer client.CloseClient()
 
 	setKeyResponse := &api.SetKeyResponse{}
@@ -156,7 +158,7 @@ func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.Reser
 	auth := s.CreateAuthentication(ctx)
 
 	client := &client.DataStorageClientImpl{}
-	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.MaxMessageSize)
+	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.KeyFilePath, s.CaCertFilePath, s.MaxMessageSize)
 	defer client.CloseClient()
 
 	reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{}
diff --git a/handler/revoke.go b/handler/revoke.go
index 17709aa8f7b07c0e6f716e2f3a16f0304ce8d88a..4522d3585bd5ede0e9326e78941afb7c5f39238e 100644
--- a/handler/revoke.go
+++ b/handler/revoke.go
@@ -29,7 +29,7 @@ func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest
 	auth := s.CreateAuthentication(ctx)
 
 	client := &client.DataStorageClientImpl{}
-	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.MaxMessageSize)
+	client.SetUpClient(auth, s.DataStorageUrl, s.CertFilePath, s.KeyFilePath, s.CaCertFilePath, s.MaxMessageSize)
 	defer client.CloseClient()
 
 	revokeResponse := &api.RevokeResponse{}
diff --git a/main.go b/main.go
index decdcd84ec2ba1a5a510dcb3e95763b82730c2fe..b49b48d44fc6fcdbe16ff6d77f136c7927e1beee 100644
--- a/main.go
+++ b/main.go
@@ -35,12 +35,13 @@ func main() {
 		return
 	}
 
-	grpcAddress := viper.GetString("grpcClientUrl")
-	restAddress := viper.GetString("restClientUrl")
-	dataStorageAddress := viper.GetString("dataStorageClientUrl")
+	grpcAddress := viper.GetString("grpcListenAddress")
+	restAddress := viper.GetString("restListenAddress")
+	dataStorageAddress := viper.GetString("dataStorageUrl")
 
 	certFilePath := certDir + "/" + viper.GetString("certFile")
 	privateKeyFilePath := certDir + "/" + viper.GetString("certKey")
+	caCertFilePath := certDir + "/" + viper.GetString("caCertFile")
 	vereignCertFilePath := certDir + "/" + viper.GetString("vereignCertFile")
 	vereignPrivateKeyFilePath := certDir + "/" + viper.GetString("vereignCertKey")
 
@@ -48,7 +49,7 @@ func main() {
 
 	// fire the gRPC server in a goroutine
 	go func() {
-		err := server.StartGRPCServer(grpcAddress, certFilePath, privateKeyFilePath, vereignCertFilePath,
+		err := server.StartGRPCServer(grpcAddress, certFilePath, privateKeyFilePath, caCertFilePath, vereignCertFilePath,
 			vereignPrivateKeyFilePath, dataStorageAddress, maxMessageSize)
 		if err != nil {
 			log.Fatalf("failed to start gRPC server: %s", err)
diff --git a/server/configs.go b/server/configs.go
index e747732c96154e7c1606b5a102d7d99c68ddca64..d66e379e5d9d5bf3f19626119ee638ac9268b2fb 100644
--- a/server/configs.go
+++ b/server/configs.go
@@ -9,14 +9,15 @@ func SetConfigValues() {
 	// Set Default Values For Config Variables
 
 	// Vereign API Related
-	viper.SetDefault("grpcClientUrl", "localhost:7877")
-	viper.SetDefault("restClientUrl", "localhost:7878")
-	viper.SetDefault("dataStorageClientUrl", "localhost:7777")
+	viper.SetDefault("grpcListenAddress", "localhost:7877")
+	viper.SetDefault("restListenAddress", "localhost:7878")
+	viper.SetDefault("dataStorageUrl", "localhost:7777")
 	
 	// Certificates Related
 	viper.SetDefault("certDir", "cert")
 	viper.SetDefault("certFile", "server.crt")
 	viper.SetDefault("certKey", "server.key")
+	viper.SetDefault("caCertFile", "ca.crt")
 	viper.SetDefault("vereignCertFile", "vereign_ca.cer")
 	viper.SetDefault("vereignCertKey", "vereign_ca.key")
 
@@ -28,4 +29,11 @@ func SetConfigValues() {
 	if err := viper.ReadInConfig(); err != nil {
 		log.Printf("can't read config: %s, will use default values", err)
 	}
+
+	// Print all config values to log file
+	log.Printf("All Settings From Config:")
+	as := viper.AllSettings()
+	for key, _ := range as {
+	    log.Printf("%s => %s", key, viper.GetString(key))
+	}
 }
\ No newline at end of file
diff --git a/server/server.go b/server/server.go
index 9183c2d94485d1439b1adf6fc501931795f2d9f0..8ff5003e77c2e2349cac8a51ccec3d39ea9e0017 100644
--- a/server/server.go
+++ b/server/server.go
@@ -47,6 +47,8 @@ const (
 )
 
 var pkgCertFile string
+var pkgKeyFile string
+var pkgCaCertFile string
 
 func credMatcher(headerName string) (mdName string, ok bool) {
 	if headerName == "Session" {
@@ -70,7 +72,7 @@ func authenticateClient(ctx context.Context, s *handler.KeyStorageServerImpl, in
 		}
 
 		sessionClient := &client.DataStorageClientImpl{}
-		sessionClient.SetUpClient(viamAuth, viper.GetString("dataStorageClientUrl"), pkgCertFile, viper.GetInt("maxMessageSize"))
+		sessionClient.SetUpClient(viamAuth, viper.GetString("dataStorageUrl"), pkgCertFile, pkgKeyFile, pkgCaCertFile, viper.GetInt("maxMessageSize"))
 		defer sessionClient.CloseClient()
 
 		if clientAuth.Uuid == viamAuth.Uuid {
@@ -107,8 +109,10 @@ func unaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServ
 	return handler1(ctx, req)
 }
 
-func StartGRPCServer(address, certFilePath, privateKeyFilePath, vereignCertFilePath, vereignPrivateKeyFilePath, dataStorageAddress string, maxMessageSize int) error {
+func StartGRPCServer(address, certFilePath, privateKeyFilePath, caCertFilePath, vereignCertFilePath, vereignPrivateKeyFilePath, dataStorageAddress string, maxMessageSize int) error {
 	pkgCertFile = certFilePath
+	pkgKeyFile = privateKeyFilePath
+	pkgCaCertFile = caCertFilePath
 
 	// create a listener on TCP port
 	lis, err := net.Listen("tcp", address)
@@ -120,6 +124,8 @@ func StartGRPCServer(address, certFilePath, privateKeyFilePath, vereignCertFileP
 	s := handler.KeyStorageServerImpl{
 		DataStorageUrl:            dataStorageAddress,
 		CertFilePath:              certFilePath,
+		KeyFilePath:			   privateKeyFilePath,
+		CaCertFilePath:			   caCertFilePath,
 		VereignCertFilePath:       vereignCertFilePath,
 		VereignPrivateKeyFilePath: vereignPrivateKeyFilePath,
 		MaxMessageSize:			   maxMessageSize,