diff --git a/cmd/replicate-add.go b/cmd/replicate-add.go
index 8cb2695c21..3fadcdc969 100644
--- a/cmd/replicate-add.go
+++ b/cmd/replicate-add.go
@@ -98,6 +98,10 @@ var replicateAddFlags = []cli.Flag{
 		Name:  "disable-proxy",
 		Usage: "disable proxying in active-active replication. If unset, default behavior is to proxy",
 	},
+	cli.BoolFlag{
+		Name:  "insecure-tls,it",
+		Usage: "disable TLS certificate verification during replicate",
+	},
 }
 
 var replicateAddCmd = cli.Command{
@@ -125,18 +129,22 @@ EXAMPLES:
      {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \
          --priority 1 
 
-  3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags
+  3. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all operations in an active-active replication setup, with TLS disabled.
+     {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket \
+         --priority 1 --insecure-tls
+
+  4. Add replication configuration rule on bucket "mybucket" for alias "myminio" to replicate all objects with tags
      "key1=value1, key2=value2" to targetbucket synchronously with bandwidth set to 2 gigabits per second. 
      {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket  \
          --tags "key1=value1&key2=value2" --bandwidth "2G" --sync \
          --priority 1
 
-  4. Disable a replication configuration rule on bucket "mybucket" for alias "myminio".
+  5. Disable a replication configuration rule on bucket "mybucket" for alias "myminio".
      {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket  \
          --tags "key1=value1&key2=value2" \
          --priority 1 --disable
 
-  5. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes
+  6. Add replication configuration rule with existing object replication, delete marker replication and versioned deletes
      enabled on bucket "mybucket" for alias "myminio".
      {{.Prompt}} {{.HelpName}} myminio/mybucket --remote-bucket https://foobar:foo12345@minio.siteb.example.com/targetbucket  \
          --replicate "existing-objects,delete,delete-marker" \
@@ -257,6 +265,7 @@ func fetchRemoteTarget(cli *cli.Context) (bktTarget *madmin.BucketTarget) {
 		ReplicationSync:     cli.Bool("sync"),
 		DisableProxy:        disableproxy,
 		HealthCheckDuration: time.Duration(cli.Uint("healthcheck-seconds")) * time.Second,
+		InsecureTLS:         cli.Bool("insecure-tls"),
 	}
 	return bktTarget
 }
diff --git a/cmd/replicate-update.go b/cmd/replicate-update.go
index 1ce2fe6a26..f62366f163 100644
--- a/cmd/replicate-update.go
+++ b/cmd/replicate-update.go
@@ -74,6 +74,11 @@ var replicateUpdateFlags = []cli.Flag{
 		Usage: "enable proxying in active-active replication, valid values are ['enable', 'disable']",
 		Value: "enable",
 	},
+	cli.StringFlag{
+		Name:  "tls",
+		Usage: "enable tls in active-active replication, valid values are ['enable', 'disable']",
+		Value: "enable",
+	},
 	cli.StringFlag{
 		Name:  "bandwidth",
 		Usage: "Set bandwidth limit in bytes per second (K,B,G,T for metric and Ki,Bi,Gi,Ti for IEC units)",
@@ -139,6 +144,10 @@ EXAMPLES:
   10. Disable proxying and enable synchronous replication for remote target of bucket mybucket with rule ID kxYD.492
      {{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:newpassword@minio.siteb.example.com/targetbucket \
          --sync "enable" --proxy "disable"
+
+  10. Disable tls replication for remote target of bucket mybucket with rule ID kxYD.492
+     {{.Prompt}} {{.HelpName}} myminio/mybucket --id "kxYD.492" --remote-bucket https://foobar:newpassword@minio.siteb.example.com/targetbucket \
+         --tls "disable"
 `,
 }
 
@@ -149,7 +158,7 @@ func checkReplicateUpdateSyntax(ctx *cli.Context) {
 	}
 }
 
-// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings
+// modifyRemoteTarget - modifies the dest credentials or updates sync , disable-proxy settings, enable TLS settings
 func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr string) (*madmin.BucketTarget, []madmin.TargetUpdateType) {
 	args := cli.Args()
 	foundIdx := -1
@@ -192,6 +201,17 @@ func modifyRemoteTarget(cli *cli.Context, targets []madmin.BucketTarget, arnStr
 			fatalIf(errInvalidArgument().Trace(args...), "--proxy can be either [enable|disable]")
 		}
 	}
+	if cli.IsSet("tls") {
+		tlsState := strings.ToLower(cli.String("tls"))
+		switch tlsState {
+		case "enable", "disable":
+			bktTarget.InsecureTLS = tlsState == "disable"
+			ops = append(ops, madmin.InsecureTLSUpdateType)
+
+		default:
+			fatalIf(errInvalidArgument().Trace(args...), "--tls can be either [enable|disable]")
+		}
+	}
 
 	if len(args) == 1 {
 		_, sourceBucket := url2Alias(args[0])
diff --git a/go.mod b/go.mod
index 7728ea1079..5b398006a7 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/minio/cli v1.24.2
 	github.com/minio/colorjson v1.0.8
 	github.com/minio/filepath v1.0.0
-	github.com/minio/madmin-go/v3 v3.0.107-0.20250415152934-4b504b82db63
+	github.com/minio/madmin-go/v3 v3.0.111-0.20251001033705-5b7ec259a9fb
 	github.com/minio/minio-go/v7 v7.0.90
 	github.com/minio/pkg/v3 v3.1.0
 	github.com/minio/selfupdate v0.6.0
diff --git a/go.sum b/go.sum
index 53cab31709..f07e499e43 100644
--- a/go.sum
+++ b/go.sum
@@ -142,8 +142,8 @@ github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY
 github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/filepath v1.0.0 h1:fvkJu1+6X+ECRA6G3+JJETj4QeAYO9sV43I79H8ubDY=
 github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEXx9T/Bw=
-github.com/minio/madmin-go/v3 v3.0.107-0.20250415152934-4b504b82db63 h1:ktN/FrMuM9sjvjIbPZYRKeHEzBDOXQdpYUDiNO0CutE=
-github.com/minio/madmin-go/v3 v3.0.107-0.20250415152934-4b504b82db63/go.mod h1:U0bL6ip4yKFwvo0keonUcWFQp0Hd462tOLLeVyPzWmE=
+github.com/minio/madmin-go/v3 v3.0.111-0.20251001033705-5b7ec259a9fb h1:GFmNqpQ3HWyElhronJ/ROvSccevnynRewsFZl4TZT6k=
+github.com/minio/madmin-go/v3 v3.0.111-0.20251001033705-5b7ec259a9fb/go.mod h1:WOe2kYmYl1OIlY2DSRHVQ8j1v4OItARQ6jGyQqcCud8=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.90 h1:TmSj1083wtAD0kEYTx7a5pFsv3iRYMsOJ6A4crjA1lE=