diff --git a/Userland/Libraries/LibTLS/Certificate.h b/Userland/Libraries/LibTLS/Certificate.h
index cfd931e8c9..77043d0715 100644
--- a/Userland/Libraries/LibTLS/Certificate.h
+++ b/Userland/Libraries/LibTLS/Certificate.h
@@ -292,10 +292,12 @@ public:
 Vector const& certificates() const { return m_ca_certificates; }
 static ErrorOr> parse_pem_root_certificate_authorities(ByteBuffer&);
- static ErrorOr> load_certificates();
+ static ErrorOr> load_certificates(StringView custom_cert_path = {});
 static DefaultRootCACertificates& the();
+ static void set_default_certificate_path(String);
+
 private:
 Vector m_ca_certificates;
 };
diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index 5d7a94666d..0cfffedfea 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -489,9 +489,16 @@ Vector TLSv12::parse_pem_certificate(ReadonlyBytes certificate_pem_
 return { move(certificate) };
 }
+static String s_default_ca_certificate_path;
+
+void DefaultRootCACertificates::set_default_certificate_path(String path)
+{
+ s_default_ca_certificate_path = move(path);
+}
+
 DefaultRootCACertificates::DefaultRootCACertificates()
 {
- auto load_result = load_certificates();
+ auto load_result = load_certificates(s_default_ca_certificate_path);
 if (load_result.is_error()) {
 dbgln("Failed to load CA Certificates: {}", load_result.error());
 return;
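Review bot: The name `set_default_certificate_path` reads as if it replaces the default bundle, and the declaration in Certificate.h carries no comment saying otherwise. In the TLSv12.cpp hunks the file is appended to whatever was read from `/etc/cacert.pem` and `~/.config/certs.pem`, so it widens the set of trust anchors rather than substituting for it. A declaration comment such as `// Extra PEM bundle whose certificates are added to the system and per-user trust anchors.` would make that visible to callers. The class body starts outside this hunk.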
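Review bot: `set_default_certificate_path` writes a file-scope `String` that the constructor reads exactly once, so a call made after the singleton behind `the()` has been built has no effect and nothing reports it. How `s_the` is constructed is outside this hunk, so the exact cutoff is inferred. Because this value decides which file supplies trust anchors, the setter deserves a comment such as `// Must be called before the first DefaultRootCACertificates::the(); later calls are ignored.` and could check that precondition. The variable is also unsynchronised process-wide state, so confirm it is only written during single-threaded startup.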
@@ -506,10 +513,16 @@ DefaultRootCACertificates& DefaultRootCACertificates::the()
 return s_the;
 }
-ErrorOr> DefaultRootCACertificates::load_certificates()
+ErrorOr> DefaultRootCACertificates::load_certificates(StringView custom_cert_path)
 {
- auto cacert_file = TRY(Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read));
- auto data = TRY(cacert_file->read_until_eof());
+ auto cacert_file_or_error = Core::File::open("/etc/cacert.pem"sv, Core::File::OpenMode::Read);
+ ByteBuffer data;
+ if (!cacert_file_or_error.is_error())
+ data = TRY(cacert_file_or_error.value()->read_until_eof());
+#ifdef AK_OS_SERENITY
+ else
+ return cacert_file_or_error.release_error();
+#endif
 auto user_cert_path = TRY(String::formatted("{}/.config/certs.pem", Core::StandardPaths::home_directory()));
 if (FileSystem::exists(user_cert_path)) {
@@ -517,6 +530,11 @@ ErrorOr> DefaultRootCACertificates::load_certificates()
 TRY(data.try_append(TRY(user_cert_file->read_until_eof())));
 }
+ if (!custom_cert_path.is_empty() && FileSystem::exists(custom_cert_path)) {
+ auto custom_cert_file = TRY(Core::File::open(custom_cert_path, Core::File::OpenMode::Read));
+ TRY(data.try_append(TRY(custom_cert_file->read_until_eof())));
+ }
+
 return TRY(parse_pem_root_certificate_authorities(data));
 }
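Review bot: Outside SerenityOS every failure to open `/etc/cacert.pem` is now discarded without a log line, including errors other than a missing file, and `load_certificates` carries on with whatever the per-user and custom files supply. If none of those exist, `data` is still empty when it reaches `parse_pem_root_certificate_authorities`, and nothing in the debug output explains why the trust store ended up that way. The `else` that lives inside `#ifdef AK_OS_SERENITY` also makes the `if` statement read differently per platform. Bracing both arms and logging the skipped bundle, as below, keeps the same control flow. The function body continues past this hunk.

```cpp
    ByteBuffer data;
    if (cacert_file_or_error.is_error()) {
#ifdef AK_OS_SERENITY
        return cacert_file_or_error.release_error();
#else
        dbgln("Skipping /etc/cacert.pem: {}", cacert_file_or_error.error());
#endif
    } else {
        data = TRY(cacert_file_or_error.value()->read_until_eof());
    }
    // … unchanged: per-user certs.pem handling …
```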
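Review bot: A caller-supplied `custom_cert_path` that does not exist is skipped silently by the `FileSystem::exists` guard in the last hunk, so a mistyped or missing bundle is indistinguishable from one that was loaded. Dropping the existence test, `if (!custom_cert_path.is_empty()) {`, lets the `TRY` on `Core::File::open` report the failure to the constructor, which already logs it. If the system bundle should survive a bad custom path, keep the guard and add an `else` that logs the skipped path with `dbgln`. The function starts outside this hunk.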