diff --git a/sdk/core/azure-core/CHANGELOG.md b/sdk/core/azure-core/CHANGELOG.md
index a3900fb95e..e99adf5f5a 100644
--- a/sdk/core/azure-core/CHANGELOG.md
+++ b/sdk/core/azure-core/CHANGELOG.md
@@ -4,6 +4,9 @@
 
 ### Features Added
 
+- Added the ability to ignore invalid certificate common name for TLS connections in WinHTTP transport.
+- Added `DisableTlsCertificateValidation` in `TransportOptions`.
+
 ### Breaking Changes
 
 ### Bugs Fixed
diff --git a/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp b/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
index bbd6db90a0..f23c6ef82e 100644
--- a/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
+++ b/sdk/core/azure-core/inc/azure/core/http/policies/policy.hpp
@@ -173,6 +173,19 @@ namespace Azure { namespace Core { namespace Http { namespace Policies {
 */
 bool EnableCertificateRevocationListCheck{false};
 
+ /**
+ * @brief Disable SSL/TLS certificate verification. This option allows transport layer to
+ * perform insecure SSL/TLS connections and skip SSL/TLS certificate checks while still having
+ * SSL/TLS-encrypted communications.
+ *
+ * @remark Disabling TLS security is generally a bad idea because it allows malicious actors to
+ * spoof the target server and should never be enabled in production code.
+ *
+ * @remark This field is only used if the customer has not specified a default transport
+ * adapter. If the customer has set a Transport adapter, this option is ignored.
+ */
+ bool DisableTlsCertificateValidation{false};
+
 /**
 * @brief Base64 encoded DER representation of an X.509 certificate expected in the certificate
 * chain used in TLS connections.
diff --git a/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp b/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp
index 9ce13dd502..1efdbc17b8 100644
--- a/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp
+++ b/sdk/core/azure-core/inc/azure/core/http/win_http_transport.hpp
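Review bot: The `@brief` of `DisableTlsCertificateValidation` promises that the transport will "skip SSL/TLS certificate checks", but the two transports in this commit honour it differently: curl.cpp clears `SslVerifyPeer`, while win_http_transport.cpp only sets `IgnoreUnknownCertificateAuthority` and `IgnoreInvalidCertificateCommonName`, so on WinHTTP other certificate failures presumably still fail the request and `EnableCertificateRevocationListCheck` appears to be applied independently. A reader of this header cannot tell that, so I would add a third remark: `@remark Exactly which certificate checks are skipped is transport-specific; see the WinHTTP and libcurl transport implementations. Options that enable additional checks, such as EnableCertificateRevocationListCheck, are applied independently of this field.` The second remark also says "has not specified a default transport adapter"; it should read "has not specified a transport adapter", matching its own next sentence.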
@@ -70,6 +70,11 @@ namespace Azure { namespace Core {
 */
 bool IgnoreUnknownCertificateAuthority{false};
 
+ /**
+ * @brief When `true`, allows an invalid common name in a certificate.
+ */
+ bool IgnoreInvalidCertificateCommonName{false};
+
 /**
 * Proxy information.
 */
diff --git a/sdk/core/azure-core/src/http/curl/curl.cpp b/sdk/core/azure-core/src/http/curl/curl.cpp
index facbe359b9..357bb5e50f 100644
--- a/sdk/core/azure-core/src/http/curl/curl.cpp
+++ b/sdk/core/azure-core/src/http/curl/curl.cpp
@@ -311,6 +311,7 @@ Azure::Core::Http::CurlTransportOptions CurlTransportOptionsFromTransportOptions
 curlOptions.SslOptions.PemEncodedExpectedRootCertificates = PemEncodeFromBase64(transportOptions.ExpectedTlsRootCertificate, "CERTIFICATE");
 }
+ curlOptions.SslVerifyPeer = !transportOptions.DisableTlsCertificateValidation;
 return curlOptions;
 }
 
diff --git a/sdk/core/azure-core/src/http/transport_policy.cpp b/sdk/core/azure-core/src/http/transport_policy.cpp
index 119dc31683..ef001d07e8 100644
--- a/sdk/core/azure-core/src/http/transport_policy.cpp
+++ b/sdk/core/azure-core/src/http/transport_policy.cpp
@@ -28,11 +28,11 @@ namespace Azure { namespace Core { namespace Http { namespace Policies { namespa
 */
 bool AreAnyTransportOptionsSpecified(TransportOptions const& transportOptions)
 {
- return (
- transportOptions.HttpProxy.HasValue() || transportOptions.ProxyPassword.HasValue()
- || transportOptions.ProxyUserName.HasValue()
- || transportOptions.EnableCertificateRevocationListCheck
- || !transportOptions.ExpectedTlsRootCertificate.empty());
+ return (transportOptions.HttpProxy.HasValue() || transportOptions.ProxyPassword.HasValue()
+ || transportOptions.ProxyUserName.HasValue()
+ || transportOptions.EnableCertificateRevocationListCheck
+ || !transportOptions.ExpectedTlsRootCertificate.empty())
+ || transportOptions.DisableTlsCertificateValidation;
 }
 
 } // namespace
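Review bot: `IgnoreInvalidCertificateCommonName` is documented as allowing "an invalid common name" without saying what that gives up: a name mismatch is how hostname verification fails, so with this flag set a certificate issued for a different host is accepted by the WinHTTP transport. The sibling `DisableTlsCertificateValidation` in policy.hpp carries a remark warning against production use; this field should carry the same, e.g. `@remark Accepting a certificate whose name does not match the requested host defeats server identity verification; intended for test environments only.`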
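Review bot: `curlOptions.SslVerifyPeer` is assigned unconditionally from `DisableTlsCertificateValidation`, so it overwrites any value the function may have given it earlier (the body of `CurlTransportOptionsFromTransportOptions` starts outside the hunk), and when `ExpectedTlsRootCertificate` is also set the pinned root configured just above is still handed to curl but presumably no longer enforced. Writing it as `if (transportOptions.DisableTlsCertificateValidation) { curlOptions.SslVerifyPeer = false; }` leaves the default untouched in the normal case, and a comment such as `// Disables peer verification entirely, which also makes ExpectedTlsRootCertificate pinning ineffective.` would make the interaction between the two options visible to the next reader.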
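Review bot: In the rewritten `return` of `AreAnyTransportOptionsSpecified`, the new `DisableTlsCertificateValidation` term is appended outside the parenthesised group, so the parentheses now enclose an arbitrary subset of the disjuncts and the last line is formatted differently from the other `||` lines. Since every term is a plain `||` of bools, either drop the outer parentheses or move the new term inside them, ending with `|| !transportOptions.ExpectedTlsRootCertificate.empty()` followed by `|| transportOptions.DisableTlsCertificateValidation);`.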
diff --git a/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp b/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
index 236b921479..26481b88d7 100644
--- a/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
+++ b/sdk/core/azure-core/src/http/winhttp/win_http_transport.cpp
@@ -765,6 +765,12 @@ WinHttpTransportOptions WinHttpTransportOptionsFromTransportOptions(
 httpOptions.IgnoreUnknownCertificateAuthority = true;
 }
 
+ if (transportOptions.DisableTlsCertificateValidation)
+ {
+ httpOptions.IgnoreUnknownCertificateAuthority = true;
+ httpOptions.IgnoreInvalidCertificateCommonName = true;
+ }
+
 return httpOptions;
 }
 } // namespace
@@ -918,6 +924,16 @@ _detail::WinHttpRequest::WinHttpRequest(
 }
 }
 
+ if (options.IgnoreInvalidCertificateCommonName)
+ {
+ auto option = SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
+ if (!WinHttpSetOption(
+ m_requestHandle.get(), WINHTTP_OPTION_SECURITY_FLAGS, &option, sizeof(option)))
+ {
+ GetErrorAndThrow("Error while setting ignore invalid certificate common name.");
+ }
+ }
+
 if (options.EnableCertificateRevocationListCheck)
 {
 DWORD value = WINHTTP_ENABLE_SSL_REVOCATION;
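Review bot: The new `WinHttpSetOption(..., WINHTTP_OPTION_SECURITY_FLAGS, ...)` call writes the whole security-flag value rather than adding to it, so if the block that closes just above this hunk sets `SECURITY_FLAG_IGNORE_UNKNOWN_CA` through the same option (it is outside the hunk, but `IgnoreUnknownCertificateAuthority` is handled somewhere in this constructor), enabling both flags — which the `DisableTlsCertificateValidation` mapping in the first hunk of this file does — leaves only the CN flag in effect and silently drops the unknown-CA setting. Querying the current flags with `WinHttpQueryOption` and OR-ing in `SECURITY_FLAG_IGNORE_CERT_CN_INVALID` keeps the fix local to this block; the cleaner long-term shape is to accumulate every ignore flag into one `DWORD` and call `WinHttpSetOption` once, which also touches the earlier block. `auto option` additionally hides that the option is a `DWORD`, unlike `DWORD value` in the revocation block below, so the rewrite spells the type out. `WinHttpRequest`'s constructor starts and ends outside the hunk.
```cpp
  if (options.IgnoreInvalidCertificateCommonName)
  {
    // WINHTTP_OPTION_SECURITY_FLAGS replaces the whole flag set, so read the
    // current flags first and OR in the new one instead of overwriting them.
    DWORD securityFlags = 0;
    DWORD securityFlagsSize = sizeof(securityFlags);
    if (!WinHttpQueryOption(
            m_requestHandle.get(),
            WINHTTP_OPTION_SECURITY_FLAGS,
            &securityFlags,
            &securityFlagsSize))
    {
      GetErrorAndThrow("Error while querying security flags.");
    }
    securityFlags |= SECURITY_FLAG_IGNORE_CERT_CN_INVALID;
    if (!WinHttpSetOption(
            m_requestHandle.get(),
            WINHTTP_OPTION_SECURITY_FLAGS,
            &securityFlags,
            sizeof(securityFlags)))
    {
      GetErrorAndThrow("Error while setting ignore invalid certificate common name.");
    }
  }
  // … unchanged: EnableCertificateRevocationListCheck handling …
```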