diff --git a/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer.java b/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer.java
index 7cba1744a..1993f1a2e 100644
--- a/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer.java
+++ b/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/MarkLogicCloudAuthenticationConfigurer.java
@@ -58,8 +58,9 @@ public void configureAuthentication(OkHttpClient.Builder clientBuilder, MarkLogi private Response callTokenEndpoint(MarkLogicCloudAuthContext securityContext) { final HttpUrl tokenUrl = buildTokenUrl(securityContext); OkHttpClient.Builder clientBuilder = OkHttpUtil.newClientBuilder(); - // Initial testing has shown that neither the OkHttp socket factory nor hostname verifier need to be configured - // for the goal of invoking the token endpoint. + // Current assumption is that the SSL config provided for connecting to MarkLogic should also be applicable + // for connecting to MarkLogic Cloud's "/token" endpoint. + OkHttpUtil.configureSocketFactory(clientBuilder, securityContext.getSSLContext(), securityContext.getTrustManager()); if (logger.isInfoEnabled()) { logger.info("Calling token endpoint at: " + tokenUrl);
diff --git a/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/OkHttpUtil.java b/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/OkHttpUtil.java
index 9ad515242..3691e7e43 100644
--- a/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/OkHttpUtil.java
+++ b/marklogic-client-api/src/main/java/com/marklogic/client/impl/okhttp/OkHttpUtil.java
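Review bot: The added `OkHttpUtil.configureSocketFactory(...)` call in callTokenEndpoint makes the caller-supplied SSLContext and trust manager decide which certificates are accepted for the token request. A permissive trust manager set up for a test cluster would therefore also be honoured on the call that presumably carries the cloud credential. The removed comment mentioned the hostname verifier as well, but only the socket factory is configured here, so hostname checking on this builder appears to stay at OkHttp's default while the main connection may use a different verifier; if that is intended, record it, e.g. `// Hostname verification for "/token" deliberately stays at OkHttp's default; only trust material comes from the caller's SSL config.` Whether a null SSLContext or trust manager is tolerated depends on configureSocketFactory's body, which lies outside these hunks, so a guard such as `if (securityContext.getSSLContext() != null)` may be needed before the call. callTokenEndpoint continues past the end of the hunk.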
@@ -145,7 +145,7 @@ private static void configureHostnameVerifier(OkHttpClient.Builder clientBuilder
 * @param sslContext
 * @param trustManager
 */
- private static void configureSocketFactory(OkHttpClient.Builder clientBuilder, SSLContext sslContext, X509TrustManager trustManager) {
+ static void configureSocketFactory(OkHttpClient.Builder clientBuilder, SSLContext sslContext, X509TrustManager trustManager) {
 /**
 * Per https://square.github.io/okhttp/3.x/okhttp/okhttp3/OkHttpClient.Builder.html#sslSocketFactory-javax.net.ssl.SSLSocketFactory- ,
 * OkHttp requires a TrustManager to be specified so that it can build a clean certificate chain. If trustManager