diff --git a/apis/v1beta1/providerconfig_types.go b/apis/v1beta1/providerconfig_types.go index 5d12ddb3..b5f5ff65 100644 --- a/apis/v1beta1/providerconfig_types.go +++ b/apis/v1beta1/providerconfig_types.go @@ -29,6 +29,10 @@ type ProviderConfigSpec struct { // Credentials required to authenticate to this provider. Credentials ProviderCredentials `json:"credentials"` + + // InsecureSkipVerify ignores self signed TLS certificates when connecting + // to Gitlab. + InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` } // ProviderCredentials required to authenticate. diff --git a/apis/v1beta1/zz_generated.deepcopy.go b/apis/v1beta1/zz_generated.deepcopy.go index 9d933cb1..f0a57c53 100644 --- a/apis/v1beta1/zz_generated.deepcopy.go +++ b/apis/v1beta1/zz_generated.deepcopy.go @@ -88,6 +88,11 @@ func (in *ProviderConfigList) DeepCopyObject() runtime.Object { func (in *ProviderConfigSpec) DeepCopyInto(out *ProviderConfigSpec) { *out = *in in.Credentials.DeepCopyInto(&out.Credentials) + if in.InsecureSkipVerify != nil { + in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderConfigSpec. diff --git a/go.mod b/go.mod index 6248d0b4..349bc136 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect 
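Review bot: The doc comment on `InsecureSkipVerify` in ProviderConfigSpec understates what the flag does: in pkg/clients/gitlab.go it sets the transport's `InsecureSkipVerify`, which turns off certificate chain and host name verification altogether, not only for self-signed certificates, so the GitLab token travels over a connection that an on-path party can terminate. I would word it as `// InsecureSkipVerify disables all TLS certificate verification (chain and host name) when connecting to GitLab.` followed by `// The API token is then exposed to anyone able to intercept the connection; use only for testing.` The CRD description in package/crds repeats the same text and should be regenerated after the change. For self-signed or private-CA GitLab instances, a field that supplies a CA bundle would meet the same need without disabling verification. The struct begins above the hunk.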
@@ -82,7 +82,7 @@ require ( k8s.io/component-base v0.26.1 // indirect k8s.io/klog/v2 v2.80.1 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect - k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 + k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect diff --git a/go.sum b/go.sum index 9bf2b96d..8dc5905c 100644 --- a/go.sum +++ b/go.sum @@ -739,8 +739,8 @@ k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= -k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/package/crds/gitlab.crossplane.io_providerconfigs.yaml b/package/crds/gitlab.crossplane.io_providerconfigs.yaml index 9944e1fc..7b59e72c 100644 --- a/package/crds/gitlab.crossplane.io_providerconfigs.yaml +++ b/package/crds/gitlab.crossplane.io_providerconfigs.yaml 
@@ -104,6 +104,10 @@ spec: required: - source type: object + insecureSkipVerify: + description: InsecureSkipVerify ignores self signed TLS certificates + when connecting to Gitlab. + type: boolean required: - credentials type: object diff --git a/pkg/clients/gitlab.go b/pkg/clients/gitlab.go index 9dbdd545..0914f932 100644 --- a/pkg/clients/gitlab.go +++ b/pkg/clients/gitlab.go @@ -18,14 +18,17 @@ package clients import ( "context" + "net/http" "time" "github.com/google/go-cmp/cmp" + "github.com/hashicorp/go-cleanhttp" "github.com/pkg/errors" gitlab "github.com/xanzy/go-gitlab" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1" @@ -37,19 +40,26 @@ import ( // Config provides gitlab configurations for the Gitlab client type Config struct { - Token string - BaseURL string + Token string + BaseURL string + InsecureSkipVerify bool } // NewClient creates new Gitlab Client with provided Gitlab Configurations/Credentials. func NewClient(c Config) *gitlab.Client { - var cl *gitlab.Client - var err error + options := []gitlab.ClientOptionFunc{} if c.BaseURL != "" { - cl, err = gitlab.NewClient(c.Token, gitlab.WithBaseURL(c.BaseURL)) - } else { - cl, err = gitlab.NewClient(c.Token) + options = append(options, gitlab.WithBaseURL(c.BaseURL)) } + if c.InsecureSkipVerify { + transport := cleanhttp.DefaultPooledTransport() + transport.TLSClientConfig.InsecureSkipVerify = true + httpclient := &http.Client{ + Transport: transport, + } + options = append(options, gitlab.WithHTTPClient(httpclient)) + } + cl, err := gitlab.NewClient(c.Token, options...) if err != nil { panic(err) } 
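Review bot: `transport.TLSClientConfig.InsecureSkipVerify = true` in NewClient writes through a pointer that is probably nil: as far as I know go-cleanhttp v0.5.2's `DefaultPooledTransport()` returns a transport with no `TLSClientConfig` set, so the provider would panic exactly when the option is switched on. Assign a config instead, `transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`, and add `"crypto/tls"` to the imports (the import hunk above adds only `net/http` to the standard-library group). Separately, a new pooled transport is built on every NewClient call with the flag set; if callers create a client per reconcile (not visible here), idle connections can accumulate, so consider reusing the client or a non-pooled transport. NewClient's body continues past the end of the hunk.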
@@ -89,7 +99,11 @@ func UseProviderConfig(ctx context.Context, c client.Client, mg resource.Managed if err := c.Get(ctx, types.NamespacedName{Namespace: csr.Namespace, Name: csr.Name}, s); err != nil { return nil, errors.Wrap(err, "cannot get credentials secret") } - return &Config{BaseURL: pc.Spec.BaseURL, Token: string(s.Data[csr.Key])}, nil + return &Config{ + BaseURL: pc.Spec.BaseURL, + Token: string(s.Data[csr.Key]), + InsecureSkipVerify: ptr.Deref(pc.Spec.InsecureSkipVerify, false), + }, nil default: return nil, errors.Errorf("credentials source %s is not currently supported", s) } diff --git a/pkg/controller/projects/deploykeys/controller.go b/pkg/controller/projects/deploykeys/controller.go index a02e8b0c..a2cf51f9 100644 --- a/pkg/controller/projects/deploykeys/controller.go +++ b/pkg/controller/projects/deploykeys/controller.go @@ -16,7 +16,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/pointer" + "k8s.io/utils/ptr" controller "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -255,7 +255,7 @@ func generateUpdateOptions(customResourse *v1alpha1.DeployKey) *gitlab.UpdateDep } func isUpToDate(cr *v1alpha1.DeployKey, dk *gitlab.ProjectDeployKey) bool { - isCanPushUpToDate := pointer.BoolEqual(cr.Spec.ForProvider.CanPush, &dk.CanPush) + isCanPushUpToDate := ptr.Equal(cr.Spec.ForProvider.CanPush, &dk.CanPush) isTitleUpToDate := cr.Spec.ForProvider.Title == dk.Title return isCanPushUpToDate && isTitleUpToDate