diff --git a/docs/cluster-registration.md b/docs/cluster-registration.md
index f63a3076f5..52e41859d7 100644
--- a/docs/cluster-registration.md
+++ b/docs/cluster-registration.md
@@ -25,6 +25,7 @@ Repeat this step to join any additional clusters.
 
 **NOTE:** `cluster-context` will default to use the joining cluster name if not
 specified.
+**NOTE:** Before the [PR](https://github.com/kubernetes-sigs/kubefed/pull/1361), `kubefed` automatically fetches apiserver's `certificate-authority-data` from member cluster, after that kubefed will use `certificate-authority-data` in joining cluster's kubeconfig file.
 
 # Checking status of joined clusters
 
diff --git a/pkg/kubefedctl/join.go b/pkg/kubefedctl/join.go
index b839b909f6..9f76e191b9 100644
--- a/pkg/kubefedctl/join.go
+++ b/pkg/kubefedctl/join.go
@@ -272,6 +272,10 @@ func joinClusterForNamespace(hostConfig, clusterConfig *rest.Config, kubefedName
 		disabledTLSValidations = append(disabledTLSValidations, fedv1b1.TLSAll)
 	}
 
+	if clusterConfig.CAData != nil {
+		caBundle = clusterConfig.CAData
+	}
+
 	kubefedCluster, err := createKubeFedCluster(client, joiningClusterName, clusterConfig.Host,
 		secret.Name, kubefedNamespace, caBundle, disabledTLSValidations, dryRun, errorOnExisting)
 	if err != nil {