diff --git a/awx/main/conf.py b/awx/main/conf.py
index 9ae86d6a40..33ed4d9e13 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -514,6 +514,17 @@ register(
     category_slug='jobs'
 )
 
+register(
+    'GALAXY_IGNORE_CERTS',
+    field_class=fields.BooleanField,
+    default=False,
+    label=_('Ignore Ansible Galaxy SSL Certificate Verification'),
+    help_text=_('If set to true, certificate validation will not be done when'
+                'installing content from any Galaxy server.'),
+    category=_('Jobs'),
+    category_slug='jobs'
+)
+
 register(
     'STDOUT_MAX_BYTES_DISPLAY',
     field_class=fields.IntegerField,
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index ad7d43e4a3..3a99d477dd 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1938,7 +1938,8 @@ class RunProjectUpdate(BaseTask):
         env['TMP'] = settings.AWX_PROOT_BASE_PATH
         env['PROJECT_UPDATE_ID'] = str(project_update.pk)
         env['ANSIBLE_CALLBACK_PLUGINS'] = self.get_path_to('..', 'plugins', 'callback')
-        env['ANSIBLE_GALAXY_IGNORE'] = True
+        if settings.GALAXY_IGNORE_CERTS:
+            env['ANSIBLE_GALAXY_IGNORE'] = True
         # Set up the public Galaxy server, if enabled
         if settings.PUBLIC_GALAXY_ENABLED:
             galaxy_servers = [settings.PUBLIC_GALAXY_SERVER]
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 891331f65c..d105828225 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -605,6 +605,9 @@ PUBLIC_GALAXY_SERVER = {
     'url': 'https://galaxy.ansible.com'
 }
 
+# Applies to any galaxy server
+GALAXY_IGNORE_CERTS = False
+
 # List of dicts of fallback (additional) Galaxy servers.  If configured, these
 # will be higher precedence than public Galaxy, but lower than primary Galaxy.
 # Available options: 'id', 'url', 'username', 'password', 'token', 'auth_url'