diff --git a/security/openconnect/Makefile b/security/openconnect/Makefile
index 282c83bdd..1c777209f 100644
--- a/security/openconnect/Makefile
+++ b/security/openconnect/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		openconnect
-PLUGIN_VERSION=		1.0
+PLUGIN_VERSION=		1.1
 PLUGIN_COMMENT=		OpenConnect Client
 PLUGIN_DEPENDS=		openconnect
 PLUGIN_MAINTAINER=	m.muenz@gmail.com
diff --git a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
index 2e2c60bfd..56a472801 100644
--- a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
+++ b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
@@ -23,4 +23,16 @@
         <type>password</type>
         <help>The password name for this connection. Be aware that it will stored in cleartext on this device.</help>
     </field>
+    <field>
+        <id>general.servercert</id>
+        <label>Certificate Hash</label>
+        <type>text</type>
+        <help>If you have a wildcard certificate or the CA is untrusted, you have to enter the SHA hash of the certificate to force a connect.</help>
+    </field>
+    <field>
+        <id>general.hash</id>
+        <label>Certificate Hash Type</label>
+        <type>dropdown</type>
+        <help>Select the type of hash. Possible values are SHA256 or SHA1.</help>
+    </field>
 </form>
diff --git a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
index 22a96795f..2a70b9bfc 100644
--- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
+++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
@@ -1,7 +1,7 @@
 <model>
     <mount>//OPNsense/openconnect/general</mount>
     <description>Openconnect configuration</description>
-    <version>1.0.0</version>
+    <version>1.0.1</version>
     <items>
         <enabled type="BooleanField">
             <default>0</default>
@@ -23,5 +23,19 @@
             <default>password</default>
             <Required>Y</Required>
         </password>
+        <servercert type="TextField">
+            <Required>N</Required>
+            <mask>/^[a-z0-9]{40,64}$/</mask>
+            <ValidationMessage>Please provide a valid hash.</ValidationMessage>
+        </servercert>
+        <hash type="OptionField">
+            <default>sha256</default>
+            <multiple>N</multiple>
+            <Required>Y</Required>
+                <OptionValues>
+                    <sha256>SHA256</sha256>
+                    <sha1>SHA1</sha1>
+                </OptionValues>
+        </hash>
     </items>
 </model>
diff --git a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
index b85015237..b03dd087f 100644
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
@@ -8,4 +8,7 @@ quiet
 interface=tun30000
 syslog
 passwd-on-stdin
+{%   if helpers.exists('OPNsense.openconnect.general.servercert') and OPNsense.openconnect.general.servercert != '' %}
+servercert={{ OPNsense.openconnect.general.hash }}:{{ OPNsense.openconnect.general.servercert }}
+{%   endif %}
 {% endif %}