diff --git a/networking/wget.c b/networking/wget.c
index 28c12540b..2c0905ecf 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -113,6 +113,9 @@
 //usage:#define wget_full_usage "\n\n"
 //usage:       "Retrieve files via HTTP or FTP\n"
 //usage:     "\n	-s	Spider mode - only check file existence"
+//usage:		IF_FEATURE_WGET_SSL_HELPER(
+//usage:     "\n	--no-check-certificate	Don't validate the server's certificate"
+//usage:		)
 //usage:     "\n	-c	Continue retrieval of aborted transfer"
 //usage:     "\n	-q	Quiet"
 //usage:     "\n	-P DIR	Save to DIR (default .)"
@@ -239,6 +242,7 @@ enum {
 	WGET_OPT_PASSIVE    = (1 << 9),
 	WGET_OPT_HEADER     = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 	WGET_OPT_POST_DATA  = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+	WGET_OPT_NO_CHECK_CERT = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 };
 
 enum {
@@ -633,6 +637,9 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 	int pid;
 	IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
 
+	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+		bb_error_msg_and_die("SSL/TLS certificate is not being validated!");
+
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
 		/* Kernel can have AF_UNIX support disabled */
 		bb_perror_msg_and_die("socketpair");
@@ -1238,10 +1245,9 @@ IF_FEATURE_WGET_TIMEOUT(
 IF_DESKTOP(	"tries\0"            Required_argument "t")
 		"header\0"           Required_argument "\xff"
 		"post-data\0"        Required_argument "\xfe"
+		"no-check-certificate\0" No_argument   "\xfc"
 		/* Ignored (we always use PASV): */
 IF_DESKTOP(	"passive-ftp\0"      No_argument       "\xf0")
-		/* Ignored (we don't do ssl) */
-IF_DESKTOP(	"no-check-certificate\0" No_argument   "\xf0")
 		/* Ignored (we don't support caching) */
 IF_DESKTOP(	"no-cache\0"         No_argument       "\xf0")
 IF_DESKTOP(	"no-verbose\0"       No_argument       "\xf0")