diff --git a/CHANGES/1305.bugfix b/CHANGES/1305.bugfix
new file mode 100644
index 000000000..0a0efdeab
--- /dev/null
+++ b/CHANGES/1305.bugfix
@@ -0,0 +1 @@
+Disabled TLS validation, if opted out in a remote, when syncing signatures.
diff --git a/pulp_container/app/downloaders.py b/pulp_container/app/downloaders.py
index 83959ed06..cd34a7aed 100644
--- a/pulp_container/app/downloaders.py
+++ b/pulp_container/app/downloaders.py
@@ -1,6 +1,7 @@
 import aiohttp
 import asyncio
 import json
+import ssl
 import re
 from aiohttp.client_exceptions import ClientResponseError
@@ -200,6 +201,12 @@ def _make_aiohttp_session_from_remote(self):
 """
 tcp_conn_opts = {"force_close": True}
+ if not self._remote.tls_validation:
+ sslcontext = ssl.create_default_context()
+ sslcontext.check_hostname = False
+ sslcontext.verify_mode = ssl.CERT_NONE
+ tcp_conn_opts["ssl_context"] = sslcontext
+
 headers = MultiDict({"User-Agent": NoAuthDownloaderFactory.user_agent()})
 if self._remote.headers is not None:
 for header_dict in self._remote.headers:
diff --git a/pulp_container/app/tasks/sync_stages.py b/pulp_container/app/tasks/sync_stages.py
index cb1739c51..e6ead182f 100644
--- a/pulp_container/app/tasks/sync_stages.py
+++ b/pulp_container/app/tasks/sync_stages.py
@@ -221,8 +221,8 @@ async def get_signature_source(self):
 result = await extension_check_downloader.run()
 response_headers = result.headers
 except aiohttp.client_exceptions.ClientResponseError as exc:
- if exc.status == 401:
- response_headers = dict(exc.headers)
+ # ignore all HTTP errors, focus on the headers
+ response_headers = dict(exc.headers)
 if response_headers.get(SIGNATURE_HEADER) == "1":
 return SIGNATURE_SOURCE.API_EXTENSION
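Review bot: The new `if not self._remote.tls_validation:` branch in `_make_aiohttp_session_from_remote` switches off hostname checking and certificate verification for the whole session without leaving any trace, so an operator reading the logs cannot tell which syncs ran over an unauthenticated channel. Per the changelog entry this session is used while syncing signatures, so anything fetched through it should be treated as untrusted until the signature itself is verified against a trusted key. I would add a comment above the branch, e.g. `# Operator opted out of TLS validation for this remote: the peer is unauthenticated and responses can be altered in transit.`, and emit a warning naming the remote when the branch is taken (assuming the module has a logger; the imports visible in this diff do not show one). The function starts and ends outside the hunk, so how `tcp_conn_opts` is consumed is not visible here.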
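Review bot: In the `except` branch of `get_signature_source`, `dict(exc.headers)` is now reached for every HTTP error status, and aiohttp's `ClientResponseError.headers` is optional, so a `None` there would raise `TypeError` instead of falling through to the header check; `response_headers = dict(exc.headers or {})` keeps the intended behaviour. Treating every status alike also means a 5xx from an intermediary is indistinguishable from a registry that lacks the extension, so logging `exc.status` at debug level would help when a sync picks an unexpected signature source. The header that selects the signature source comes from an error response and, when the remote has TLS validation disabled, from an unauthenticated peer, so it should only decide where to look and never stand in for verifying the signatures themselves. The function continues outside the hunk.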