diff --git a/weed/command/scaffold/security.toml b/weed/command/scaffold/security.toml
index e70ce31bf..6c8aaa475 100644
--- a/weed/command/scaffold/security.toml
+++ b/weed/command/scaffold/security.toml
@@ -135,6 +135,7 @@ enabled = false  # Set to true to enable HTTPS for all outgoing HTTP client conn
 cert = ""        # Client certificate for mTLS (optional if server doesn't require client cert)
 key = ""         # Client key for mTLS (optional if server doesn't require client cert)
 ca = ""          # CA certificate to verify server certificates (required when enabled=true)
+insecure_skip_verify = false  # Skip TLS certificate verification (NOT recommended for production)
 
 # Volume server HTTPS options (server-side)
 # Enables HTTPS for incoming HTTP connections to volume server
diff --git a/weed/util/http/client/http_client.go b/weed/util/http/client/http_client.go
index 661df582e..ca908763f 100644
--- a/weed/util/http/client/http_client.go
+++ b/weed/util/http/client/http_client.go
@@ -126,6 +126,13 @@ func NewHttpClient(clientName ClientName, opts ...HttpClientOpt) (*HTTPClient, e
 				tlsConfig.Certificates = append(tlsConfig.Certificates, *clientCertPair)
 			}
 		}
+
+		if getBoolOptionFromSecurityConfiguration(clientName, "insecure_skip_verify") {
+			if tlsConfig == nil {
+				tlsConfig = &tls.Config{}
+			}
+			tlsConfig.InsecureSkipVerify = true
+		}
 	}
 
 	httpClient.Transport = &http.Transport{