diff --git a/config_app/config_endpoints/api/superuser.py b/config_app/config_endpoints/api/superuser.py
index 34bb9fba9..71cf33e47 100644
--- a/config_app/config_endpoints/api/superuser.py
+++ b/config_app/config_endpoints/api/superuser.py
@@ -1,6 +1,7 @@
 import logging
 import pathvalidate
 import os
+import subprocess
 
 from flask import request, jsonify
 
@@ -49,13 +50,10 @@ class SuperUserCustomCertificate(ApiResource):
       return '', 204
 
     # TODO(QUAY-991): properly install the custom certs provided by user
-    # Call the update script to install the certificate immediately.
-    # if not app.config['TESTING']:
-    #   logger.debug('Calling certs_install.sh')
-    #   if os.system('/conf/init/certs_install.sh') != 0:
-    #     raise Exception('Could not install certificates')
-    #
-    #   logger.debug('certs_install.sh completed')
+    # Call the update script with config dir location to install the certificate immediately.
+    if subprocess.call(['/quay-registry/config_app/init/certs_install.sh'], env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0:
+      raise Exception('Could not install certificates')
 
     return '', 204
 
diff --git a/config_app/init/certs_install.sh b/config_app/init/certs_install.sh
new file mode 100755
index 000000000..45a08f5ce
--- /dev/null
+++ b/config_app/init/certs_install.sh
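Review bot: `env={ 'QUAYCONF': config_provider.get_config_dir_path() }` replaces the child's whole environment instead of extending it, so the script runs with no `PATH` (and no `QUAYDIR`/`QUAYPATH`) and only finds `cp`, `csplit` and `update-ca-certificates` through bash's compiled-in fallback search path; pass `env=dict(os.environ, QUAYCONF=config_provider.get_config_dir_path())` instead (`os` is already imported in this file). The commented-out code this replaces skipped the install when `app.config['TESTING']` was set, and the new call runs unconditionally, so the test suite will now try to write into `/usr/local/share/ca-certificates` and run `update-ca-certificates` on the developer's machine — keep that guard unless the tests are meant to exercise the script. The `# TODO(QUAY-991): properly install the custom certs provided by user` line left directly above the call now contradicts the code beneath it and should be updated or dropped. On failure only the exit status survives; running the script via `subprocess.check_output(..., stderr=subprocess.STDOUT)` and logging its output before raising would make a broken install diagnosable from the server log (the output itself should not be echoed into the API response). The enclosing `post` method begins before this hunk.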
@@ -0,0 +1,43 @@
+#! /bin/bash
+set -e
+QUAYPATH=${QUAYPATH:-"."}
+QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf/stack"}
+
+cd ${QUAYDIR:-"/quay-registry"}
+pwd
+
+# Add the custom LDAP certificate
+if [ -e $QUAYCONF/ldap.crt ]
+then
+    cp $QUAYCONF/ldap.crt /usr/local/share/ca-certificates/ldap.crt
+fi
+
+# Add extra trusted certificates (as a directory)
+if [ -d $QUAYCONF/extra_ca_certs ]; then
+    if test "$(ls -A "$QUAYCONF/extra_ca_certs")"; then
+        echo "Installing extra certificates found in $QUAYCONF/extra_ca_certs directory"
+        cp $QUAYCONF/extra_ca_certs/* /usr/local/share/ca-certificates/
+        cat $QUAYCONF/extra_ca_certs/* >> venv/lib/python2.7/site-packages/requests/cacert.pem
+        cat $QUAYCONF/extra_ca_certs/* >> venv/lib/python2.7/site-packages/certifi/cacert.pem
+    fi
+fi
+
+# Add extra trusted certificates (as a file)
+if [ -f $QUAYCONF/extra_ca_certs ]; then
+    echo "Installing extra certificates found in $QUAYCONF/extra_ca_certs file"
+    csplit -z -f /usr/local/share/ca-certificates/extra-ca- $QUAYCONF/extra_ca_certs '/-----BEGIN CERTIFICATE-----/' '{*}'
+    cat $QUAYCONF/extra_ca_certs >> venv/lib/python2.7/site-packages/requests/cacert.pem
+    cat $QUAYCONF/extra_ca_certs >> venv/lib/python2.7/site-packages/certifi/cacert.pem
+fi
+
+# Add extra trusted certificates (prefixed)
+for f in $(find $QUAYCONF/ -maxdepth 1 -type f -name "extra_ca*")
+do
+    echo "Installing extra cert $f"
+    cp "$f" /usr/local/share/ca-certificates/
+    cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem
+    cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem
+done
+
+# Update all CA certificates.
+update-ca-certificates
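Review bot: The script is not idempotent, and the endpoint in superuser.py now runs it on every certificate upload: each `cat … >> venv/lib/python2.7/site-packages/requests/cacert.pem` and `…/certifi/cacert.pem` line appends the same certificates again, so both bundles gain a duplicate copy of every cert per call, and when `extra_ca_certs` is a regular file the `find $QUAYCONF/ -maxdepth 1 -type f -name "extra_ca*"` loop matches it a second time after the `-f` branch has already installed it. Each run should start from a pristine copy of the bundles and the loop should exclude that file. Nothing checks that what gets spliced into the trust bundles is actually a PEM certificate (an `openssl x509 -noout -in "$f"` pre-check would reject junk before it corrupts the bundle, assuming openssl is present in the image), and on Debian-based images `update-ca-certificates` only processes files ending in `.crt`, so certificates copied with any other extension are silently ignored for the system store while still landing in the Python bundles. `$QUAYCONF` is unquoted throughout and the `for f in $(find …)` loop word-splits, so a config directory path containing whitespace breaks the script; the file is new, so the whole script is in this hunk.
```bash
# … unchanged: shebang, set -e, QUAYPATH/QUAYCONF defaults, cd, pwd …

# The blocks below append to these bundles; start each run from a pristine copy so
# that re-running the script (the config app invokes it on every upload) does not
# accumulate duplicate certificates.
for bundle in venv/lib/python2.7/site-packages/requests/cacert.pem \
              venv/lib/python2.7/site-packages/certifi/cacert.pem; do
    [ -f "$bundle.orig" ] || cp "$bundle" "$bundle.orig"
    cp "$bundle.orig" "$bundle"
done

# … unchanged: ldap.crt, extra_ca_certs directory and file handling …

# Add extra trusted certificates (prefixed); the extra_ca_certs file itself was
# handled by the branch above, so do not install it a second time.
find "$QUAYCONF/" -maxdepth 1 -type f -name "extra_ca*" ! -name "extra_ca_certs" -print0 |
while IFS= read -r -d '' f; do
    openssl x509 -noout -in "$f" || { echo "Skipping $f: not a PEM certificate"; continue; }
    echo "Installing extra cert $f"
    cp "$f" /usr/local/share/ca-certificates/
    cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem
    cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem
done

# … unchanged: update-ca-certificates …
```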