diff --git a/include/seastar/net/tls.hh b/include/seastar/net/tls.hh
index a6586594ba..704a50d5d0 100644
--- a/include/seastar/net/tls.hh
+++ b/include/seastar/net/tls.hh
@@ -221,6 +221,11 @@ namespace tls {
 */
 void set_dn_verification_callback(dn_callback);
+ /**
+ * Optional override to disable certificate verification
+ */
+ void set_enable_certificate_verification(bool enable);
+
 private:
 class impl;
 friend class session;
@@ -337,6 +342,10 @@ namespace tls {
 /// \brief server name to be used for the SNI TLS extension
 sstring server_name = {};
+ /// \brief whether server certificate should be verified. May be set to false
+ /// in test environments.
+ bool verify_certificate = true;
+
 /// \brief Optional session resume data. Must be retrieved via
 /// get_session_resume_data below.
 session_data session_resume_data;
diff --git a/src/net/tls.cc b/src/net/tls.cc
index 1ca6b70a2b..f1e3410d53 100644
--- a/src/net/tls.cc
+++ b/src/net/tls.cc
@@ -464,6 +464,11 @@ class tls::certificate_credentials::impl: public gnutlsobj {
 void set_dn_verification_callback(dn_callback cb) {
 _dn_callback = std::move(cb);
 }
+
+ void set_enable_certificate_verification(bool enable) {
+ _enable_certificate_verification = enable;
+ }
+
 private:
 friend class credentials_builder;
 friend class session;
@@ -488,6 +493,7 @@ class tls::certificate_credentials::impl: public gnutlsobj {
 bool _load_system_trust = false;
 semaphore _system_trust_sem {1};
 dn_callback _dn_callback;
+ bool _enable_certificate_verification = true;
 gnutls_datum _session_resume_key;
 };
@@ -566,6 +572,10 @@ void tls::certificate_credentials::set_dn_verification_callback(dn_callback cb)
 _impl->set_dn_verification_callback(std::move(cb));
 }
+void tls::certificate_credentials::set_enable_certificate_verification(bool enable) {
+ _impl->set_enable_certificate_verification(enable);
+}
+
 tls::server_credentials::server_credentials()
 #if GNUTLS_VERSION_NUMBER < 0x030600
 : server_credentials(dh_params{})
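Review bot: The Doxygen comment on `set_enable_certificate_verification` in the first tls.hh hunk (@@ -221) only says the override disables certificate verification; a caller reading the header cannot tell that it short-circuits the whole `session::verify()` path for every session built from these credentials, not just one check. I would extend it to something like `Disables peer certificate verification (chain, expiry and host-name checks performed by gnutls_certificate_verify_peers3) for every session created from these credentials. Intended for test environments only; a peer presenting any certificate will be accepted.` If the DN callback registered with `set_dn_verification_callback` is also invoked from verify(), as its placement suggests, the comment should say that it is skipped as well. The `verify_certificate` field comment in the second tls.hh hunk should carry the same scope statement.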
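Review bot: `bool verify_certificate = true;` added to the options struct in the second tls.hh hunk (@@ -337) is not read by any hunk of this commit: `session::verify()` in tls.cc tests only `_creds->_enable_certificate_verification`, so unless the field is consumed somewhere in tls.cc outside this diff, setting `verify_certificate = false` on a session's options has no effect and a caller who leaves it `true` while the credentials have verification disabled still gets no verification. Either wire it into the check, `if (!_creds->_enable_certificate_verification || !_options.verify_certificate) { return; }`, or drop the field so there is a single documented switch. Two similarly named knobs with different scope (per-credentials versus per-session) will leave users unsure which one actually governs verification.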
@@ -1288,6 +1298,10 @@ class session : public enable_lw_shared_from_this {
 }
 void verify() {
+ if (!_creds->_enable_certificate_verification) {
+ return;
+ }
+
 unsigned int status;
 auto res = gnutls_certificate_verify_peers3(*this, _type != type::CLIENT || _options.server_name.empty() ? nullptr : _options.server_name.c_str(), &status);
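Review bot: The early return at the top of `verify()` is not gated on `_type`, so disabling verification on server-side credentials also stops checking client certificates, which is a wider effect than the "server certificate" wording in the header suggests; if only the client-side check is meant to be optional, the condition should be `if (_type == type::CLIENT && !_creds->_enable_certificate_verification) { return; }`. verify() continues outside the hunk, and everything after the `gnutls_certificate_verify_peers3` call (status decoding and any later checks) is skipped by the return as well, so the bypass silently accepts any peer. Since the feature is described as a test-environment override, I would make the bypass observable by logging at warning level when the return is taken, including `_options.server_name` where it is set, so that a deployment with verification switched off is visible in logs rather than indistinguishable from a verified session.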