diff --git a/core/cmdbsource.class.inc.php b/core/cmdbsource.class.inc.php
index f90c47d1b..a37429c30 100644
--- a/core/cmdbsource.class.inc.php
+++ b/core/cmdbsource.class.inc.php
@@ -117,6 +117,7 @@ class CMDBSource
 protected static $m_sDBTlsCA;
 protected static $m_sDBTlsCaPath;
 protected static $m_sDBTlsCipher;
+ protected static $m_bDBTlsVerifyServerCert;
 /** @var mysqli $m_oMysqli */
 protected static $m_oMysqli;
@@ -138,8 +139,10 @@ class CMDBSource
 $sTlsCA = $oConfig->Get('db_tls.ca');
 $sTlsCaPath = $oConfig->Get('db_tls.capath');
 $sTlsCipher = $oConfig->Get('db_tls.cipher');
+ $sTlsVerifyServerCert = $oConfig->Get('db_tls.verify_server_cert');
- self::Init($sServer, $sUser, $sPwd, $sSource, $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCaPath, $sTlsCipher);
+ self::Init($sServer, $sUser, $sPwd, $sSource, $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCaPath, $sTlsCipher,
+ $sTlsVerifyServerCert);
 $sCharacterSet = $oConfig->Get('db_character_set');
 $sCollation = $oConfig->Get('db_collation');
@@ -156,12 +159,13 @@ class CMDBSource
 * @param string $sTlsCA
 * @param string $sTlsCaPath
 * @param string $sTlsCipher
+ * @param bool $sTlsVerifyServerCert
 *
 * @throws \MySQLException
 */
 public static function Init(
 $sServer, $sUser, $sPwd, $sSource = '', $sTlsKey = null, $sTlsCert = null, $sTlsCA = null, $sTlsCaPath = null,
- $sTlsCipher = null
+ $sTlsCipher = null, $sTlsVerifyServerCert = false
 ) {
 self::$m_sDBHost = $sServer;
@@ -173,9 +177,10 @@ class CMDBSource
 self::$m_sDBTlsCA = empty($sTlsCA) ? null : $sTlsCA;
 self::$m_sDBTlsCaPath = empty($sTlsCaPath) ? null : $sTlsCaPath;
 self::$m_sDBTlsCipher = empty($sTlsCipher) ? null : $sTlsCipher;
+ self::$m_bDBTlsVerifyServerCert = empty($sTlsVerifyServerCert) ? null : $sTlsVerifyServerCert;
 self::$m_oMysqli = self::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sTlsKey, $sTlsCert, $sTlsCA,
- $sTlsCaPath, $sTlsCipher, true);
+ $sTlsCaPath, $sTlsCipher, true, $sTlsVerifyServerCert);
 }
 /**
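Review bot: `self::$m_bDBTlsVerifyServerCert = empty($sTlsVerifyServerCert) ? null : $sTlsVerifyServerCert;` in hunk @@ -173 copies the string-property idiom onto a boolean, so a configured `false` is stored as `null` and the `$m_b…` property becomes tri-state; `self::$m_bDBTlsVerifyServerCert = (bool)$sTlsVerifyServerCert;` keeps it a plain bool. The parameter is documented as `@param bool` in hunk @@ -156 but carries the `$s` string prefix in hunks @@ -138, @@ -156 and @@ -173; renaming it `$bTlsVerifyServerCert` would match `$bCheckTlsAfterConnection` and the property name. Init's body begins before hunk @@ -173, and whether the new static property is read back anywhere (for instance on reconnect) cannot be confirmed from the visible lines.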
@@ -188,14 +193,15 @@ class CMDBSource
 * @param string $sTlsCa
 * @param string $sTlsCaPath
 * @param string $sTlsCipher
- * @param boolean $bCheckTlsAfterConnection
+ * @param bool $bCheckTlsAfterConnection
+ * @param bool $bVerifyTlsServerCert Change the TLS flag used to connect : MYSQLI_CLIENT_SSL if true, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT if false (default)
 *
 * @return \mysqli
 * @throws \MySQLException
 */
 public static function GetMysqliInstance(
 $sServer, $sUser, $sPwd, $sSource = '', $sTlsKey = null, $sTlsCert = null, $sTlsCa = null, $sTlsCaPath = null,
- $sTlsCipher = null, $bCheckTlsAfterConnection = false
+ $sTlsCipher = null, $bCheckTlsAfterConnection = false, $bVerifyTlsServerCert = false
 ) {
 $oMysqli = null;
@@ -217,7 +223,9 @@ class CMDBSource
 if ($bTlsEnabled) {
- $iFlags = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; // instead of MYSQLI_CLIENT_SSL
+ $iFlags = ($bVerifyTlsServerCert)
+ ? MYSQLI_CLIENT_SSL
+ : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
 $oMysqli->ssl_set($sTlsKey, $sTlsCert, $sTlsCa, $sTlsCaPath, $sTlsCipher);
 }
 $oMysqli->real_connect($sServer, $sUser, $sPwd, '', $iPort,
diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index 418a60aab..b5286f339 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -186,6 +186,14 @@ class Config
 'source_of_value' => '',
 'show_in_conf_sample' => false,
 ),
+ 'db_tls.verify_server_cert' => array(
+ 'type' => 'bool',
+ 'description' => 'Change the TLS flag used to connect : MYSQLI_CLIENT_SSL if true, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT if false (default)',
+ 'default' => false,
+ 'value' => '',
+ 'source_of_value' => '',
+ 'show_in_conf_sample' => false,
+ ),
 'db_character_set' => array(
 'type' => 'string',
 'default' => null,
diff --git a/core/mutex.class.inc.php b/core/mutex.class.inc.php
index 8eb6e2e63..7d2c3fff9 100644
--- a/core/mutex.class.inc.php
+++ b/core/mutex.class.inc.php
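Review bot: The new `@param bool $bVerifyTlsServerCert` text describes which mysqli constant is selected rather than what the caller gets, which is the information someone deciding whether to pass `true` needs; the same sentence is reused as the setting description in the core/config.class.inc.php hunk and needs the same treatment. A wording such as `@param bool $bVerifyTlsServerCert When true the server certificate is checked against the CA given by $sTlsCa/$sTlsCaPath (MYSQLI_CLIENT_SSL); when false (default) any server certificate is accepted (MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT)` states the contract. That a verified handshake needs a CA to be supplied is inferred from the flag semantics, not shown here, and should be confirmed against the mysqli driver in use before documenting it as a requirement.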
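Review bot: The parentheses around `$bVerifyTlsServerCert` in the new ternary are redundant, and the value may reach this line as whatever `Config::Get` returns for a `bool` setting rather than a strict boolean, since the mutex and backup hunks forward the config value unchanged; `$iFlags = $bVerifyTlsServerCert ? MYSQLI_CLIENT_SSL : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;` reads cleaner, and a `(bool)` cast where the parameter is first used would pin the type. The removed `// instead of MYSQLI_CLIENT_SSL` comment was the only record of why verification was off; a replacement such as `// server certificate verification is opt-in via db_tls.verify_server_cert` would keep that context. GetMysqliInstance starts before this hunk and continues after it.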
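Review bot: With `'default' => false` and `'show_in_conf_sample' => false`, server-certificate verification stays off and invisible: an existing deployment keeps connecting with `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT`, so the link is encrypted but the server is not authenticated, and nothing in the generated sample configuration tells an administrator that the switch exists. The preceding `db_tls` entry in the hunk context is hidden the same way, so if that convention is kept, the description becomes the only place the setting is explained and should say what it protects rather than which constant it selects, e.g. `'description' => 'Verify the MySQL server certificate against db_tls.ca / db_tls.capath (true) or accept any server certificate (false, default)'`. Keeping `false` as the default is reasonable for compatibility but deserves a mention in the release notes, which this diff does not include.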
@@ -45,11 +45,12 @@ class iTopMutex
 protected $sDBTlsCA;
 protected $sDBTlsCaPath;
 protected $sDBTlsCipher;
+ protected $bDBTlsVerifyServerCert;
 static protected $aAcquiredLocks = array(); // Number of instances of the Mutex, having the lock, in this page
 public function __construct(
 $sName, $sDBHost = null, $sDBUser = null, $sDBPwd = null, $sDBTlsKey = null, $sDBTlsCert = null,
- $sDBTlsCA = null, $sDBTlsCaPath = null, $sDBTlsCypher = null
+ $sDBTlsCA = null, $sDBTlsCaPath = null, $sDBTlsCypher = null, $bDBTlsVerifyServerCert = null
 ) {
 // Compute the name of a lock for mysql
@@ -70,6 +71,7 @@ class iTopMutex
 $this->sDBTlsCA = is_null($sDBTlsCA) ? $oConfig->Get('db_tls.ca') : $sDBTlsCA;
 $this->sDBTlsCaPath = is_null($sDBTlsCaPath) ? $oConfig->Get('db_tls.capath') : $sDBTlsCaPath;
 $this->sDBTlsCipher = is_null($sDBTlsCypher) ? $oConfig->Get('db_tls.cipher') : $sDBTlsCypher;
+ $this->bDBTlsVerifyServerCert = is_null($bDBTlsVerifyServerCert) ? $oConfig->Get('db_tls.verify_server_cert') : $bDBTlsVerifyServerCert;
 $this->sName = $sName;
 if (substr($sName, -strlen($this->sDBName.$sDBSubname)) != $this->sDBName.$sDBSubname)
@@ -242,9 +244,12 @@ class iTopMutex
 $sTlsCA = $this->sDBTlsCA;
 $sTlsCaPath = $this->sDBTlsCaPath;
 $sTlsCipher = $this->sDBTlsCipher;
+ $bTlsVerifyServerCert = $this->bDBTlsVerifyServerCert;
+ $bDBTlsVerifyServerCert = $this->bDBTlsVerifyServerCert;
- $this->hDBLink = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sTlsKey, $sTlsCert, $sTlsCA,
- $sTlsCaPath, $sTlsCipher, false);
+ $this->hDBLink = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource,
+ $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCaPath, $sTlsCipher,
+ $bTlsVerifyServerCert, $bDBTlsVerifyServerCert);
 if (!$this->hDBLink) {
diff --git a/setup/backup.class.inc.php b/setup/backup.class.inc.php
index b5d1ba45c..a189ef793 100644
--- a/setup/backup.class.inc.php
+++ b/setup/backup.class.inc.php
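Review bot: In hunk @@ -242 the rebuilt GetMysqliInstance call passes `$bTlsVerifyServerCert` in the tenth position, which is `$bCheckTlsAfterConnection` (hard-coded `false` in the removed lines), and the new `$bDBTlsVerifyServerCert` local in the eleventh; both locals hold `$this->bDBTlsVerifyServerCert`, so enabling `db_tls.verify_server_cert` now also switches on the post-connection TLS check for mutex connections, a side effect the commit does not mention. Dropping the duplicate `$bDBTlsVerifyServerCert = $this->bDBTlsVerifyServerCert;` line and ending the call with `false, $bTlsVerifyServerCert);` restores the previous check behaviour while forwarding the verify flag, which is what the setup/backup.class.inc.php hunk does. The method containing this call starts before the hunk and continues after it.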
@@ -533,11 +533,13 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 $sTlsCA = $oConfig->Get('db_tls.ca');
 $sTlsCaPath = $oConfig->Get('db_tls.capath');
 $sTlsCipher = $oConfig->Get('db_tls.cipher');
+ $bTlsVerifyServerCert = $oConfig->Get('db_tls.verify_server_cert');
 try {
- $oMysqli = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sTlsKey, $sTlsCert,
- $sTlsCA, $sTlsCaPath, $sTlsCipher, false);
+ $oMysqli = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource,
+ $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCaPath, $sTlsCipher,
+ false, $bTlsVerifyServerCert);
 if ($oMysqli->connect_errno) {
diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php
index dfcb60f31..9b1c838c0 100644
--- a/setup/setuputils.class.inc.php
+++ b/setup/setuputils.class.inc.php
@@ -1165,7 +1165,8 @@ EOF
 try {
 $oDBSource = new CMDBSource;
- $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCipher);
+ $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sTlsKey, $sTlsCert, $sTlsCA, $sTlsCaPath, $sTlsCipher,
+ false);
 $aResult['checks'][] = new CheckResult(CheckResult::INFO, "Connection to '$sDBServer' as '$sDBUser' successful.");
 $aResult['checks'][] = new CheckResult(CheckResult::INFO, "Info - User privileges: ".($oDBSource->GetRawPrivileges()));
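Review bot: In the setup/setuputils.class.inc.php hunk @@ -1165 the new `Init(...)` call hard-codes `false` for the verify flag, so the setup's connectivity check always connects with `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` regardless of what `db_tls.verify_server_cert` will later be set to; a comment such as `// server certificate verification is not configurable from the setup wizard, keep it off for this probe` would record that this is intentional rather than an oversight. `$sTlsCaPath` is newly referenced in that call while the removed line passed `$sTlsCipher` in that slot; the enclosing function starts outside the hunk, so that the variable is defined in this scope should be confirmed. The backup hunk @@ -533 forwards the config value with `false, $bTlsVerifyServerCert);`, which matches the GetMysqliInstance parameter order and needs no change.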
@@ -1279,16 +1280,20 @@ EOF
 * @param string $sTlsKey
 * @param string $sTlsCert
 * @param string $sTlsCa
+ * @param string $sTlsCapath
+ *
 * @param string $sTlsCipher
+ *
 * @return string
- * @throws MySQLException
+ * @throws \MySQLException
 */
 static public function GetMySQLVersion(
- $sDBServer, $sDBUser, $sDBPwd, $sTlsKey = null, $sTlsCert = null, $sTlsCa = null, $sTlsCipher = null
+ $sDBServer, $sDBUser, $sDBPwd, $sTlsKey = null, $sTlsCert = null, $sTlsCa = null, $sTlsCapath = null,
+ $sTlsCipher = null
 ) {
 $oDBSource = new CMDBSource;
- $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sTlsKey, $sTlsCert, $sTlsCa, $sTlsCipher);
+ $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sTlsKey, $sTlsCert, $sTlsCa, $sTlsCapath, $sTlsCipher);
 $sDBVersion = $oDBSource->GetDBVersion();
 return $sDBVersion;
 }
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index 765b70a3f..38cd9cdb8 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -2548,7 +2548,15 @@ class WizStepDone extends WizardStep
 $sForm .= "
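Review bot: Inserting `$sTlsCapath = null` before `$sTlsCipher` in GetMySQLVersion's positional signature means any caller still passing the cipher as the seventh argument now sends it as the CA path and connects with no cipher restriction; the commit updates the setup/wizardsteps.class.inc.php caller, but any other call site outside this diff would break silently, so either confirm there are none or append the new parameter after `$sTlsCipher` and map it into the right `Init` slot. The two added bare `*` lines separate `@param string $sTlsCipher` from the other parameters in the docblock and look accidental; removing them keeps the parameter list contiguous. The method exposes no way to request server-certificate verification, so `Init` runs with its default of `false`; acceptable for a version probe, but worth a one-line comment so the omission is not mistaken for a bug.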
"; $sForm .= ''; $sPHPVersion = phpversion(); - $sMySQLVersion = SetupUtils::GetMySQLVersion($this->oWizard->GetParameter('db_server'), $this->oWizard->GetParameter('db_user'), $this->oWizard->GetParameter('db_pwd')); + $sMySQLVersion = SetupUtils::GetMySQLVersion( + $this->oWizard->GetParameter('db_server'), + $this->oWizard->GetParameter('db_user'), + $this->oWizard->GetParameter('db_pwd'), + $this->oWizard->GetParameter('db_tls_key'), + $this->oWizard->GetParameter('db_tls_cert'), + $this->oWizard->GetParameter('db_tls_ca'), + $this->oWizard->GetParameter('db_tls_capath'), + $this->oWizard->GetParameter('db_tls_cipher')); $aParameters = json_decode($this->oWizard->GetParameter('selected_components', '{}'), true); $sCompactWizChoices = array(); foreach($aParameters as $iStep => $aChoices)