diff --git a/changelog.d/16530.bugfix b/changelog.d/16530.bugfix
new file mode 100644
index 0000000000000000000000000000000000000000..503ea0af20cd0e5f1e2f29761f0606624ef45bf9
--- /dev/null
+++ b/changelog.d/16530.bugfix
@@ -0,0 +1 @@
+Force TLS certificate verification in user registration script.
diff --git a/synapse/_scripts/register_new_matrix_user.py b/synapse/_scripts/register_new_matrix_user.py
index 19ca399d446a0d95e6a3e671d6a3380d2a42c89e..92938086405c5d8a0a38a1306382183013f0fde6 100644
--- a/synapse/_scripts/register_new_matrix_user.py
+++ b/synapse/_scripts/register_new_matrix_user.py
@@ -50,7 +50,7 @@ def request_registration(
     url = "%s/_synapse/admin/v1/register" % (server_location.rstrip("/"),)
 
     # Get the nonce
-    r = requests.get(url, verify=False)
+    r = requests.get(url)
 
     if r.status_code != 200:
         _print("ERROR! Received %d %s" % (r.status_code, r.reason))
@@ -88,7 +88,7 @@ def request_registration(
     }
 
     _print("Sending registration request...")
-    r = requests.post(url, json=data, verify=False)
+    r = requests.post(url, json=data)
 
     if r.status_code != 200:
         _print("ERROR! Received %d %s" % (r.status_code, r.reason))