diff --git a/dev/helm/README.md b/dev/helm/README.md
index ae95ab45..72a7a3d9 100644
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@@ -125,6 +125,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `postgresql.postgresqlPort` | External postgres port | `5432` |
 | `postgresql.ssl` | Enable external postgres SSL connection | `false` |
 | `postgresql.ca` | Certificate of Authority content for postgres | `nil` |
+| `postgresql.rejectUnauthorized` | Reject self-signed CA certificate | `true` |
 | `postgresql.persistence.enabled` | Enable postgres persistence using PVC | `true` |
 | `postgresql.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` for postgres | `nil` |
 | `postgresql.persistence.storageClass` | Postgres PVC Storage Class (example: `nfs`) | `nil` |
diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml
index cd637feb..87f59e8d 100644
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@@ -54,7 +54,7 @@ spec:
 - name: DB_SSL_CA
 value: "{{ default "" .Values.postgresql.ca }}"
 - name: DB_SSL_REJECTUNAUTHORIZED
- value: "{{ default "true" .Values.postgresql.rejectUnauthorized }}"
+ value: "{{ hasKey .Values.postgresql "rejectUnauthorized" | ternary .Values.postgresql.rejectUnauthorized true }}"
 - name: DB_PASS
 valueFrom:
 secretKeyRef:
diff --git a/server/core/db.js b/server/core/db.js
index 6e900c9d..49f6cdac 100644
--- a/server/core/db.js
+++ b/server/core/db.js
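Review bot: The `hasKey … | ternary` expression on the `DB_SSL_REJECTUNAUTHORIZED` entry in dev/helm/templates/deployment.yaml has no comment saying why `default` was dropped, so a later cleanup could easily turn it back. A template comment above the env entry would keep the reason on record, for example `{{- /* hasKey + ternary: "default" treats an explicit false as unset */ -}}`. The same comment could state that a false value turns off verification of the PostgreSQL server certificate, which the README row ("Reject self-signed CA certificate") only hints at. The container spec continues outside the hunk.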
@@ -39,7 +39,12 @@ module.exports = {
 // Handle SSL Options
- let dbUseSSL = (WIKI.config.db.ssl === true || WIKI.config.db.ssl === 'true' || WIKI.config.db.ssl === 1 || WIKI.config.db.ssl === '1')
+ let isTruthy = function(value) {
+ return (value === true || value === 'true' || value === 1 || value === '1')
+ }
+
+ let dbUseSSL = isTruthy(WIKI.config.db.ssl)
+ let rejectUnauthorized = !_.isEmpty(process.env.DB_SSL_REJECTUNAUTHORIZED) ? isTruthy(process.env.DB_SSL_REJECTUNAUTHORIZED) : true;
 let sslOptions = null
 if (dbUseSSL && _.isPlainObject(dbConfig) && _.get(WIKI.config.db, 'sslOptions.auto', null) === false) {
 sslOptions = WIKI.config.db.sslOptions
@@ -75,10 +80,7 @@ module.exports = {
 }
 dbUseSSL = true
- sslOptions = {
- rejectUnauthorized: [true, 'true', 1, '1'].includes(process.env.DB_SSL_REJECTUNAUTHORIZED),
- ca,
- }
+ sslOptions = { rejectUnauthorized, ca }
 }
 // Engine-specific config
@@ -87,7 +89,7 @@ module.exports = {
 dbClient = 'pg'
 if (dbUseSSL && _.isPlainObject(dbConfig)) {
- dbConfig.ssl = (sslOptions === true) ? { rejectUnauthorized: true } : sslOptions
+ dbConfig.ssl = (sslOptions === true) ? { rejectUnauthorized } : sslOptions
 }
 break
 case 'mariadb':
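Review bot: In the first hunk of server/core/db.js, `rejectUnauthorized` is parsed with `isTruthy`, so any non-empty value it does not recognise (`TRUE`, `True`, `yes`, a value with a stray space) silently turns certificate verification off. For a setting that guards the TLS connection to the database, only an explicit opt-out should disable it: `let rejectUnauthorized = !['false', '0'].includes(_.toLower(_.trim(process.env.DB_SSL_REJECTUNAUTHORIZED)))`. The Helm template renders the chart value verbatim into this variable, so the same parsing decides what a typo in values.yaml does. The resulting value feeds the `sslOptions` assignments in the two later hunks; the enclosing function starts and ends outside this hunk.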
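Review bot: In the third hunk (`pg` branch), `sslOptions === true` used to force `{ rejectUnauthorized: true }`; with `{ rejectUnauthorized }` the environment variable can now disable verification on this path too, and nothing records that it happened. A startup warning would give operators something to alert on, e.g. `if (dbUseSSL && !rejectUnauthorized) { WIKI.logger.warn('DB TLS certificate verification is disabled (DB_SSL_REJECTUNAUTHORIZED)') }`, assuming the module's usual `WIKI.logger` is available at this point. Also worth a comment near `sslOptions = WIKI.config.db.sslOptions`: when `sslOptions.auto` is `false`, the user-supplied object is passed through and the environment flag has no effect. The remaining engine cases of the switch are outside the hunk, so whether they honour the same flag cannot be checked from here.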