diff --git a/Cargo.lock b/Cargo.lock index 80f74f0..b88475f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -170,6 +170,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base64" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" + [[package]] name = "bindgen" version = "0.69.1" @@ -226,6 +232,7 @@ dependencies = [ "rodio", "rppal", "rustls", + "rustls-native-certs", "serde", "serde_json", "thiserror", @@ -372,6 +379,16 @@ dependencies = [ "memchr", ] +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.6" @@ -1152,6 +1169,12 @@ version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + [[package]] name = "parking_lot" version = "0.12.1" @@ -1399,6 +1422,27 @@ dependencies = [ "sct", ] +[[package]] +name = "rustls-native-certs" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +dependencies = [ + "openssl-probe", + "rustls-pemfile", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64", +] + [[package]] name = "rustls-webpki" version = "0.101.7" 
@@ -1424,6 +1468,15 @@ dependencies = [
 "winapi-util",
 ]
+[[package]]
+name = "schannel"
+version = "0.1.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534"
+dependencies = [
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "scopeguard"
 version = "1.2.0"
@@ -1440,6 +1493,29 @@ dependencies = [
 "untrusted",
 ]
+[[package]]
+name = "security-framework"
+version = "2.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de"
+dependencies = [
+ "bitflags 1.3.2",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "semver"
 version = "1.0.20"
diff --git a/Cargo.toml b/Cargo.toml
index 30a5e8a..1e0a369 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,6 +38,7 @@ rand_distr = "0.4.3"
 regex = "1.7.1"
 lazy_static = "1.4.0"
 local-ip-address = "0.5.6"
+rustls-native-certs = "0.6.3"
 [profile.release]
 strip = "debuginfo"
diff --git a/src/subsystems/networker.rs b/src/subsystems/networker.rs
index 0335493..225797a 100644
--- a/src/subsystems/networker.rs
+++ b/src/subsystems/networker.rs
@@ -20,7 +20,7 @@ use tokio::time;
 use tokio_graceful_shutdown::{IntoSubsystem, SubsystemHandle};
 use tokio_io_timeout::TimeoutStream;
 use tokio_rustls::client::TlsStream;
-use tokio_rustls::rustls::{self, ClientConfig, OwnedTrustAnchor};
+use tokio_rustls::rustls::{self, ClientConfig};
 use tokio_rustls::TlsConnector;
 use crate::nfc::reader::Uid;
@@ -219,13 +219,9 @@ impl Networker {
 }
 let mut root_cert_store = rustls::RootCertStore::empty();
- root_cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
- OwnedTrustAnchor::from_subject_spki_name_constraints(
- ta.subject,
- ta.spki,
- ta.name_constraints,
- )
- }));
+ for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs") {
+ root_cert_store.add(&rustls::Certificate(cert.0)).unwrap();
+ };
 let client_config = ClientConfig::builder()
 .with_safe_defaults()
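Review bot: The new loop panics on any problem with the platform trust store: `.expect("could not load platform certs")` aborts when the store cannot be read, and `.unwrap()` on `root_cert_store.add(...)` aborts on the first certificate rustls cannot parse, which a single odd entry in an OS store is enough to trigger. Prefer propagating the load error to the caller and adding leniently, e.g. `let (added, _ignored) = root_cert_store.add_parsable_certificates(&der_certs);` (assuming the rustls version re-exported by tokio_rustls provides it), then fail explicitly when `added == 0` so an empty store is not mistaken for a working one. This also moves trust from the bundled webpki-roots set to whatever CAs are installed on the host, so a locally added CA is now accepted for this connection; a short comment stating that this is intended would help. The `;` after the loop's closing brace is redundant, and the enclosing function starts and ends outside the hunk, so its return type is not visible here.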