diff --git a/app/src/main/java/com/github/gotify/SSLSettings.java b/app/src/main/java/com/github/gotify/SSLSettings.java
new file mode 100644
index 0000000..cb8c4a6
--- /dev/null
+++ b/app/src/main/java/com/github/gotify/SSLSettings.java
@@ -0,0 +1,11 @@
+package com.github.gotify;
+
+public class SSLSettings {
+    public boolean validateSSL;
+    public String cert;
+
+    public SSLSettings(boolean validateSSL, String cert) {
+        this.validateSSL = validateSSL;
+        this.cert = cert;
+    }
+}
diff --git a/app/src/main/java/com/github/gotify/Settings.java b/app/src/main/java/com/github/gotify/Settings.java
index 93a2fd7..14139ff 100644
--- a/app/src/main/java/com/github/gotify/Settings.java
+++ b/app/src/main/java/com/github/gotify/Settings.java
@@ -2,7 +2,6 @@ package com.github.gotify;
 
 import android.content.Context;
 import android.content.SharedPreferences;
-import com.github.gotify.api.CertUtils;
 import com.github.gotify.client.model.User;
 
 public class Settings {
@@ -77,7 +76,7 @@ public class Settings {
         sharedPreferences.edit().putString("cert", cert).apply();
     }
 
-    public CertUtils.SSLSettings sslSettings() {
-        return new CertUtils.SSLSettings(validateSSL(), cert());
+    public SSLSettings sslSettings() {
+        return new SSLSettings(validateSSL(), cert());
     }
 }
diff --git a/app/src/main/java/com/github/gotify/api/CertUtils.java b/app/src/main/java/com/github/gotify/api/CertUtils.java
index be14cf7..efb472e 100644
--- a/app/src/main/java/com/github/gotify/api/CertUtils.java
+++ b/app/src/main/java/com/github/gotify/api/CertUtils.java
@@ -1,6 +1,7 @@
 package com.github.gotify.api;
 
 import android.annotation.SuppressLint;
+import com.github.gotify.SSLSettings;
 import com.github.gotify.Utils;
 import com.github.gotify.log.Log;
 import java.io.IOException;
@@ -19,16 +20,6 @@ import javax.net.ssl.X509TrustManager;
 import okhttp3.OkHttpClient;
 
 public class CertUtils {
-    public static class SSLSettings {
-        boolean validateSSL;
-        String cert;
-
-        public SSLSettings(boolean validateSSL, String cert) {
-            this.validateSSL = validateSSL;
-            this.cert = cert;
-        }
-    }
-
     private static final X509TrustManager trustAll =
             new X509TrustManager() {
                 @SuppressLint("TrustAllX509TrustManager")
diff --git a/app/src/main/java/com/github/gotify/api/ClientFactory.java b/app/src/main/java/com/github/gotify/api/ClientFactory.java
index 96140a6..be4c575 100644
--- a/app/src/main/java/com/github/gotify/api/ClientFactory.java
+++ b/app/src/main/java/com/github/gotify/api/ClientFactory.java
@@ -1,5 +1,6 @@
 package com.github.gotify.api;
 
+import com.github.gotify.SSLSettings;
 import com.github.gotify.Settings;
 import com.github.gotify.Utils;
 import com.github.gotify.client.ApiClient;
@@ -9,7 +10,7 @@ import com.github.gotify.client.auth.ApiKeyAuth;
 import com.github.gotify.client.auth.HttpBasicAuth;
 
 public class ClientFactory {
-    public static ApiClient unauthorized(String baseUrl, CertUtils.SSLSettings sslSettings) {
+    public static ApiClient unauthorized(String baseUrl, SSLSettings sslSettings) {
         ApiClient client = new ApiClient();
         client.setVerifyingSsl(sslSettings.validateSSL);
         client.setSslCaCert(Utils.stringToInputStream(sslSettings.cert));
@@ -18,7 +19,7 @@ public class ClientFactory {
     }
 
     public static ApiClient basicAuth(
-            String baseUrl, CertUtils.SSLSettings sslSettings, String username, String password) {
+            String baseUrl, SSLSettings sslSettings, String username, String password) {
         ApiClient client = unauthorized(baseUrl, sslSettings);
         HttpBasicAuth auth = (HttpBasicAuth) client.getAuthentication("basicAuth");
         auth.setUsername(username);
@@ -28,14 +29,14 @@ public class ClientFactory {
     }
 
     public static ApiClient clientToken(
-            String baseUrl, CertUtils.SSLSettings sslSettings, String token) {
+            String baseUrl, SSLSettings sslSettings, String token) {
         ApiClient client = unauthorized(baseUrl, sslSettings);
         ApiKeyAuth tokenAuth = (ApiKeyAuth) client.getAuthentication("clientTokenHeader");
         tokenAuth.setApiKey(token);
         return client;
     }
 
-    public static VersionApi versionApi(String baseUrl, CertUtils.SSLSettings sslSettings) {
+    public static VersionApi versionApi(String baseUrl, SSLSettings sslSettings) {
         return new VersionApi(unauthorized(baseUrl, sslSettings));
     }
 
diff --git a/app/src/main/java/com/github/gotify/login/LoginActivity.java b/app/src/main/java/com/github/gotify/login/LoginActivity.java
index 9516999..a0e0d56 100644
--- a/app/src/main/java/com/github/gotify/login/LoginActivity.java
+++ b/app/src/main/java/com/github/gotify/login/LoginActivity.java
@@ -17,6 +17,7 @@ import butterknife.OnCheckedChanged;
 import butterknife.OnClick;
 import butterknife.OnTextChanged;
 import com.github.gotify.R;
+import com.github.gotify.SSLSettings;
 import com.github.gotify.Settings;
 import com.github.gotify.Utils;
 import com.github.gotify.api.Api;
@@ -122,7 +123,7 @@ public class LoginActivity extends AppCompatActivity {
         Api.withLogging(
                         ClientFactory.versionApi(
                                         fixedUrl,
-                                        new CertUtils.SSLSettings(
+                                        new SSLSettings(
                                                 !disableSSLValidation, caCertContents))
                                 ::getVersionAsync)
                 .handleInUIThread(this, onValidUrl(fixedUrl), onInvalidUrl(fixedUrl));
@@ -229,7 +230,7 @@ public class LoginActivity extends AppCompatActivity {
         ApiClient client =
                 ClientFactory.basicAuth(
                         settings.url(),
-                        new CertUtils.SSLSettings(!disableSSLValidation, caCertContents),
+                        new SSLSettings(!disableSSLValidation, caCertContents),
                         username,
                         password);
         Api.withLogging(new UserApi(client)::currentUserAsync)
diff --git a/app/src/main/java/com/github/gotify/messages/MessagesActivity.java b/app/src/main/java/com/github/gotify/messages/MessagesActivity.java
index 1ee8d78..134a3fd 100644
--- a/app/src/main/java/com/github/gotify/messages/MessagesActivity.java
+++ b/app/src/main/java/com/github/gotify/messages/MessagesActivity.java
@@ -27,6 +27,7 @@ import com.github.gotify.MissedMessageUtil;
 import com.github.gotify.R;
 import com.github.gotify.Settings;
 import com.github.gotify.Utils;
+import com.github.gotify.api.CertUtils;
 import com.github.gotify.api.ClientFactory;
 import com.github.gotify.client.ApiClient;
 import com.github.gotify.client.ApiException;
@@ -46,8 +47,11 @@ import com.github.gotify.messages.provider.MessageWithImage;
 import com.github.gotify.service.WebSocketService;
 import com.google.android.material.navigation.NavigationView;
 import com.squareup.okhttp.HttpUrl;
+import com.squareup.picasso.OkHttp3Downloader;
 import com.squareup.picasso.Picasso;
 import com.squareup.picasso.Target;
+import okhttp3.OkHttpClient;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -107,6 +111,12 @@ public class MessagesActivity extends AppCompatActivity
         Log.i("Entering " + getClass().getSimpleName());
         settings = new Settings(this);
 
+        try {
+            Picasso.setSingletonInstance(makePicasso());
+        } catch (IllegalStateException e) {
+            // ignore, singleton has already been set
+        }
+
         client =
                 ClientFactory.clientToken(settings.url(), settings.sslSettings(), settings.token());
         appsHolder = new ApplicationHolder(this, client);
@@ -168,6 +178,17 @@ public class MessagesActivity extends AppCompatActivity
         }
     }
 
+    private Picasso makePicasso() {
+        OkHttpClient.Builder builder = new OkHttpClient.Builder();
+        CertUtils.applySslSettings(builder, settings.sslSettings());
+
+        OkHttp3Downloader downloader = new OkHttp3Downloader(builder.build());
+
+        return new Picasso.Builder(this)
+                .downloader(downloader)
+                .build();
+    }
+
     private void initDrawer() {
         setSupportActionBar(toolbar);
         navigationView.setItemIconTintList(null);
diff --git a/app/src/main/java/com/github/gotify/service/WebSocketConnection.java b/app/src/main/java/com/github/gotify/service/WebSocketConnection.java
index 57c29e0..cb08541 100644
--- a/app/src/main/java/com/github/gotify/service/WebSocketConnection.java
+++ b/app/src/main/java/com/github/gotify/service/WebSocketConnection.java
@@ -1,6 +1,7 @@
 package com.github.gotify.service;
 
 import android.os.Handler;
+import com.github.gotify.SSLSettings;
 import com.github.gotify.Utils;
 import com.github.gotify.api.Callback;
 import com.github.gotify.api.CertUtils;
@@ -33,11 +34,7 @@ public class WebSocketConnection {
     private Runnable onReconnected;
     private boolean isClosed;
 
-    WebSocketConnection(String baseUrl, CertUtils.SSLSettings settings, String token) {
-        //        client = new ApiClient()
-        //                .setVerifyingSsl(validateSSL)
-        //                .setSslCaCert(Utils.stringToInputStream(cert))
-        //                .getHttpClient();
+    WebSocketConnection(String baseUrl, SSLSettings settings, String token) {
         OkHttpClient.Builder builder =
                 new OkHttpClient.Builder()
                         .readTimeout(0, TimeUnit.MILLISECONDS)