diff --git a/src/connection.ts b/src/connection.ts
index 353744dfb..08ef377f6 100644
--- a/src/connection.ts
+++ b/src/connection.ts
@@ -779,6 +779,14 @@ export interface ConnectionOptions {
    */
   rowCollectionOnRequestCompletion?: boolean;
 
+  /**
+   * A string, that will allow user to provide their custom Common Name (CN) which matches a Common Name (CN)
+   * present in the server certificate.
+   *
+   * (no default)
+   */
+  serverName?: string;
+
   /**
    * The version of TDS to use. If server doesn't support specified version, negotiated version is used instead.
    *
@@ -1620,6 +1628,13 @@ class Connection extends EventEmitter {
         this.config.options.rowCollectionOnRequestCompletion = config.options.rowCollectionOnRequestCompletion;
       }
 
+      if (config.options.serverName !== undefined) {
+        if (typeof config.options.serverName !== 'string') {
+          throw new TypeError('The "config.options.serverName" property must be of type string.');
+        }
+        this.config.options.serverName = config.options.serverName;
+      }
+
       if (config.options.tdsVersion !== undefined) {
         if (typeof config.options.tdsVersion !== 'string') {
           throw new TypeError('The "config.options.tdsVersion" property must be of type string.');
@@ -3170,7 +3185,7 @@ Connection.prototype.STATE = {
 
           try {
             this.transitionTo(this.STATE.SENT_TLSSSLNEGOTIATION);
-            await this.messageIo.startTls(this.secureContextOptions, this.routingData?.server ?? this.config.server, this.config.options.trustServerCertificate);
+            await this.messageIo.startTls(this.secureContextOptions, this.config.options.serverName ? this.config.options.serverName : this.routingData?.server ?? this.config.server, this.config.options.trustServerCertificate);
           } catch (err: any) {
             return this.socketError(err);
           }