diff --git a/docs/swagger.yaml b/docs/swagger.yaml
index 9bf728160..7415625bc 100644
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -2727,6 +2727,9 @@ definitions:
       email_ssl:
         type: boolean
         description: When it's set to true the system will access Email server via TLS by default.  If it's set to false, it still will handle "STARTTLS" from server side.
+      email_insecure:
+        type: boolean
+        description: Whether or not the certificate will be verified when Harbor tries to access the email server.
       ldap_url:
         type: string
         description: The URL of LDAP server.
diff --git a/src/adminserver/systemcfg/systemcfg.go b/src/adminserver/systemcfg/systemcfg.go
index 77e87b5bf..36fcb49f7 100644
--- a/src/adminserver/systemcfg/systemcfg.go
+++ b/src/adminserver/systemcfg/systemcfg.go
@@ -91,6 +91,10 @@ var (
 			env:   "EMAIL_SSL",
 			parse: parseStringToBool,
 		},
+		common.EmailInsecure: &parser{
+			env:   "EMAIL_INSECURE",
+			parse: parseStringToBool,
+		},
 		common.EmailFrom:     "EMAIL_FROM",
 		common.EmailIdentity: "EMAIL_IDENTITY",
 		common.RegistryURL:   "REGISTRY_URL",
diff --git a/src/common/const.go b/src/common/const.go
index 78516f003..f59b1d904 100644
--- a/src/common/const.go
+++ b/src/common/const.go
@@ -55,6 +55,7 @@ const (
 	EmailFrom                  = "email_from"
 	EmailSSL                   = "email_ssl"
 	EmailIdentity              = "email_identity"
+	EmailInsecure              = "email_insecure"
 	ProjectCreationRestriction = "project_creation_restriction"
 	VerifyRemoteCert           = "verify_remote_cert"
 	MaxJobWorkers              = "max_job_workers"
diff --git a/src/common/models/config.go b/src/common/models/config.go
index a2444e10d..ba5c91863 100644
--- a/src/common/models/config.go
+++ b/src/common/models/config.go
@@ -65,6 +65,7 @@ type Email struct {
 	SSL      bool   `json:"ssl"`
 	Identity string `json:"identity"`
 	From     string `json:"from"`
+	Insecure bool   `json:"insecure"`
 }
 
 /*
diff --git a/src/common/utils/test/adminserver.go b/src/common/utils/test/adminserver.go
index 862fdd653..69eaa5014 100644
--- a/src/common/utils/test/adminserver.go
+++ b/src/common/utils/test/adminserver.go
@@ -50,6 +50,7 @@ var adminServerDefaultConfig = map[string]interface{}{
 	common.EmailPassword:              "password",
 	common.EmailFrom:                  "from",
 	common.EmailSSL:                   true,
+	common.EmailInsecure:              false,
 	common.EmailIdentity:              "",
 	common.ProjectCreationRestriction: common.ProCrtRestrAdmOnly,
 	common.VerifyRemoteCert:           false,
diff --git a/src/ui/api/config.go b/src/ui/api/config.go
index 191dcc4f8..c76453dc8 100644
--- a/src/ui/api/config.go
+++ b/src/ui/api/config.go
@@ -47,6 +47,7 @@ var (
 		common.EmailFrom,
 		common.EmailSSL,
 		common.EmailIdentity,
+		common.EmailInsecure,
 		common.ProjectCreationRestriction,
 		common.VerifyRemoteCert,
 		common.TokenExpiration,
@@ -78,6 +79,7 @@ var (
 
 	boolKeys = []string{
 		common.EmailSSL,
+		common.EmailInsecure,
 		common.SelfRegistration,
 		common.VerifyRemoteCert,
 	}
diff --git a/src/ui/api/email.go b/src/ui/api/email.go
index f0ef12173..9dd3d67b8 100644
--- a/src/ui/api/email.go
+++ b/src/ui/api/email.go
@@ -51,7 +51,7 @@ func (e *EmailAPI) Prepare() {
 func (e *EmailAPI) Ping() {
 	var host, username, password, identity string
 	var port int
-	var ssl bool
+	var ssl, insecure bool
 	body := e.Ctx.Input.CopyBody(1 << 32)
 	if body == nil || len(body) == 0 {
 		cfg, err := config.Email()
@@ -66,6 +66,7 @@ func (e *EmailAPI) Ping() {
 		password = cfg.Password
 		identity = cfg.Identity
 		ssl = cfg.SSL
+		insecure = cfg.Insecure
 	} else {
 		settings := &struct {
 			Host     string  `json:"email_host"`
@@ -74,6 +75,7 @@ func (e *EmailAPI) Ping() {
 			Password *string `json:"email_password"`
 			SSL      bool    `json:"email_ssl"`
 			Identity string  `json:"email_identity"`
+			Insecure bool    `json:"email_insecure"`
 		}{}
 		e.DecodeJSONReq(&settings)
 
@@ -98,11 +100,12 @@ func (e *EmailAPI) Ping() {
 		password = *settings.Password
 		identity = settings.Identity
 		ssl = settings.SSL
+		insecure = settings.Insecure
 	}
 
 	addr := net.JoinHostPort(host, strconv.Itoa(port))
 	if err := email.Ping(addr, identity, username,
-		password, pingEmailTimeout, ssl, false); err != nil {
+		password, pingEmailTimeout, ssl, insecure); err != nil {
 		log.Debugf("ping %s failed: %v", addr, err)
 		e.CustomAbort(http.StatusBadRequest, err.Error())
 	}
diff --git a/src/ui/config/config.go b/src/ui/config/config.go
index f98b7ed96..47aeabe8b 100644
--- a/src/ui/config/config.go
+++ b/src/ui/config/config.go
@@ -298,6 +298,7 @@ func Email() (*models.Email, error) {
 	email.SSL = cfg[common.EmailSSL].(bool)
 	email.From = cfg[common.EmailFrom].(string)
 	email.Identity = cfg[common.EmailIdentity].(string)
+	email.Insecure = cfg[common.EmailInsecure].(bool)
 
 	return email, nil
 }
diff --git a/src/ui/controllers/base.go b/src/ui/controllers/base.go
index b83af84a5..bac64b5a4 100644
--- a/src/ui/controllers/base.go
+++ b/src/ui/controllers/base.go
@@ -171,7 +171,8 @@ func (cc *CommonController) SendEmail() {
 		settings.Username,
 		settings.Password,
 		60, settings.SSL,
-		false, settings.From,
+		settings.Insecure,
+		settings.From,
 		[]string{email},
 		"Reset Harbor user password",
 		message.String())