diff --git a/cmd/main.go b/cmd/main.go
index 5cbdefc..583a777 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -2,13 +2,14 @@ package main
 import (
 	"flag"
+	"os"
+	"os/signal"
+	"syscall"
+
 	"github.com/armbian/redirector"
 	"github.com/armbian/redirector/util"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
-	"os"
-	"os/signal"
-	"syscall"
 )
 var (
@@ -64,7 +65,7 @@ func main() {
 	log.Info("Updating root certificates")
-	certs, err := util.LoadCACerts()
+	certs, err := util.LoadCACerts(config.CertDataPath)
 	if err != nil {
 		log.WithError(err).Error("Unable to load certificates")
diff --git a/config.go b/config.go
index a9dd0bc..d70c38d 100644
--- a/config.go
+++ b/config.go
@@ -28,6 +28,10 @@ type Config struct {
 	// GeoDBPath is the path to the MaxMind GeoLite2 City DB.
 	GeoDBPath string `mapstructure:"geodb"`
+	// CertDataPath is the path to fetch CA certs from system.
+	// If empty, CAs will be fetched from Mozilla directly.
+	CertDataPath string `mapstructure:"certDataPath"`
+
 	// ASNDBPath is the path to the GeoLite2 ASN DB.
 	ASNDBPath string `mapstructure:"asndb"`
diff --git a/util/certificates.go b/util/certificates.go
index 307a135..e471d6d 100644
--- a/util/certificates.go
+++ b/util/certificates.go
@@ -1,10 +1,14 @@
 package util
 import (
+	"bytes"
 	"crypto/x509"
+	"io"
+	"net/http"
+	"os"
+
 	"github.com/gwatts/rootcerts/certparse"
 	log "github.com/sirupsen/logrus"
-	"net/http"
 )
 const (
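Review bot: The failure log right after the new `util.LoadCACerts(config.CertDataPath)` call does not record which source was attempted, so an operator reading the log cannot tell whether a configured local file or the Mozilla download failed. Consider `log.WithError(err).WithField("certDataPath", config.CertDataPath).Error("Unable to load certificates")` so the two paths are distinguishable. Whether main continues with a nil pool after that log is outside the hunk; if it does, that fallback behaviour deserves a comment at the call site. main's body runs past the end of the hunk.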
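Review bot: The doc comment on the new `CertDataPath` field does not say which file format is expected, and "fetch CA certs from system" reads as if a PEM bundle would work. In the util/certificates.go hunk the file's bytes go through `certparse.ReadTrustedCerts`, the same parser used for the Mozilla download, so presumably the file must be a local copy of Mozilla's certdata.txt rather than a PEM system bundle, and a wrong file would only surface as a parse failure at startup. Suggested comment: `// CertDataPath is the path to a local copy of Mozilla's certdata.txt. If empty, certdata is downloaded from Mozilla at startup.` The mapstructure key `certDataPath` is also camelCase while the neighbouring keys (`geodb`, `asndb`) are lowercase; pick one convention for the config file.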
@@ -12,16 +16,31 @@ const (
 )
 // LoadCACerts loads the certdata from Mozilla and parses it into a CertPool.
-func LoadCACerts() (*x509.CertPool, error) {
-	res, err := http.Get(defaultDownloadURL)
+func LoadCACerts(certPath string) (*x509.CertPool, error) {
+	var certContents io.Reader
-	if err != nil {
-		return nil, err
+	if certPath != "" {
+		res, err := os.ReadFile(certPath)
+
+		if err != nil {
+			return nil, err
+		}
+
+		certContents = io.NopCloser(bytes.NewReader(res))
+	} else {
+
+		res, err := http.Get(defaultDownloadURL)
+
+		if err != nil {
+			return nil, err
+		}
+
+		defer res.Body.Close()
+
+		certContents = res.Body
 	}
-	defer res.Body.Close()
-
-	certs, err := certparse.ReadTrustedCerts(res.Body)
+	certs, err := certparse.ReadTrustedCerts(certContents)
 	if err != nil {
 		return nil, err