diff --git a/lib/SAML2/SOAPClient.php b/lib/SAML2/SOAPClient.php
index fc1824fea7ba58554c93e6e11cf125d75dc67142..15b0690a915880774fb504df095b0ecd2e2b6330 100644
--- a/lib/SAML2/SOAPClient.php
+++ b/lib/SAML2/SOAPClient.php
@@ -31,9 +31,12 @@ class SAML2_SOAPClient {
 
 		// Determine if we are going to do a MutualSSL connection between the IdP and SP  - Shoaib
 		if ($srcMetadata->hasValue('saml.SOAPClient.certificate')) {
-			$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
-			if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
-				$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+			$cert = $srcMetadata->getValue('saml.SOAPClient.certificate');
+			if ($cert !== FALSE) {
+				$ctxOpts['ssl']['local_cert'] = SimpleSAML_Utilities::resolveCert($srcMetadata->getString('saml.SOAPClient.certificate'));
+				if ($srcMetadata->hasValue('saml.SOAPClient.privatekey_pass')) {
+					$ctxOpts['ssl']['passphrase'] = $srcMetadata->getString('saml.SOAPClient.privatekey_pass');
+				}
 			}
 		} else {
 			/* Use the SP certificate and privatekey if it is configured. */
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 7d4fd1f635d186a77bb23609d03dabae0ff83d63..9c7bc94f2fb113f78dcc8ff0dc4bc4c0c3fd16c1 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -241,6 +241,8 @@ Options
 :   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
     If this option isn't specified, the SP private key and certificate will be used.
 
+:   This option can also be set to `FALSE`, in which case no client certificate will be used.
+
 `saml.SOAPClient.privatekey_pass`
 :   The passphrase of the privatekey in `saml.SOAPClient.certificate`.