diff --git a/pulsar/client_impl.go b/pulsar/client_impl.go
index 712e197205..7cac0977b9 100644
--- a/pulsar/client_impl.go
+++ b/pulsar/client_impl.go
@@ -75,6 +75,7 @@ func newClient(options ClientOptions) (Client, error) {
 			CertFile:                options.TLSCertificateFile,
 			TrustCertsFilePath:      options.TLSTrustCertsFilePath,
 			ValidateHostname:        options.TLSValidateHostname,
+			ServerName:              url.Hostname(),
 		}
 	default:
 		return nil, newError(InvalidConfiguration, fmt.Sprintf("Invalid URL scheme '%s'", url.Scheme))
diff --git a/pulsar/internal/connection.go b/pulsar/internal/connection.go
index 6ca462e745..c34f25d669 100644
--- a/pulsar/internal/connection.go
+++ b/pulsar/internal/connection.go
@@ -48,6 +48,7 @@ type TLSOptions struct {
 	TrustCertsFilePath      string
 	AllowInsecureConnection bool
 	ValidateHostname        bool
+	ServerName              string
 }
 
 var (
@@ -977,7 +978,12 @@ func (c *connection) getTLSConfig() (*tls.Config, error) {
 	}
 
 	if c.tlsOptions.ValidateHostname {
-		tlsConfig.ServerName = c.physicalAddr.Hostname()
+		if c.tlsOptions.ServerName != "" {
+			tlsConfig.ServerName = c.tlsOptions.ServerName
+		} else {
+			tlsConfig.ServerName = c.physicalAddr.Hostname()
+		}
+		c.log.Debugf("getTLSConfig(): setting tlsConfig.ServerName = %+v", tlsConfig.ServerName)
 	}
 
 	if c.tlsOptions.CertFile != "" || c.tlsOptions.KeyFile != "" {