diff --git a/Project.toml b/Project.toml
index bda78f7..e3a502c 100644
--- a/Project.toml
+++ b/Project.toml
@@ -7,6 +7,7 @@ version = "1.1.7"
 Dates = "ade2ca70-3891-5945-98fb-dc099432e06a"
 MbedTLS_jll = "c8ffd9c3-330d-5841-b78e-0817d7145fa1"
 MozillaCACerts_jll = "14a3606d-f60d-562e-9121-12d972cd8159"
+NetworkOptions = "ca575930-c2e3-43a9-ace4-1e988b2c1908"
 Random = "9a3f8284-a2c9-5f02-9a11-845980a1fd5c"
 Sockets = "6462fe0b-24de-5631-8697-dd941f90decc"
 
diff --git a/src/MbedTLS.jl b/src/MbedTLS.jl
index 365825c..70e4805 100644
--- a/src/MbedTLS.jl
+++ b/src/MbedTLS.jl
@@ -1,6 +1,6 @@
 module MbedTLS
 
-using Random, Sockets, MbedTLS_jll, MozillaCACerts_jll
+using Random, Sockets, MbedTLS_jll, MozillaCACerts_jll, NetworkOptions
 import Sockets: TCPSocket
 
 export
diff --git a/src/ssl.jl b/src/ssl.jl
index f4d9a0e..d4f736e 100644
--- a/src/ssl.jl
+++ b/src/ssl.jl
@@ -665,8 +665,8 @@ https://tls.mbed.org/api/ssl_8h.html#a4075f7de9877fd667bcfa2e819e33426
 """
 function ssl_check_pending(ctx::SSLContext)::Bool
     @lockdata ctx begin
-	return ccall((:mbedtls_ssl_check_pending, libmbedtls),
-		     Cint, (Ptr{Cvoid},), ctx.data) > 0
+    return ccall((:mbedtls_ssl_check_pending, libmbedtls),
+             Cint, (Ptr{Cvoid},), ctx.data) > 0
     end
 end
 
@@ -786,6 +786,8 @@ function __sslinit__()
     elseif haskey(ENV, "MBEDTLSJL_CERT_PEM_DIR")
         fallback = abspath(joinpath(ENV["MBEDTLSJL_CERT_PEM_DIR"], "cert.pem"))
         DEFAULT_CERT[] = read(fallback, String)
+    elseif NetworkOptions.ca_roots() !== nothing && isfile(NetworkOptions.ca_roots())
+        DEFAULT_CERT[] = read(NetworkOptions.ca_roots(), String)
     elseif isfile(MozillaCACerts_jll.cacert)
         DEFAULT_CERT[] = read(MozillaCACerts_jll.cacert, String)
     else