diff --git a/Libraries/LibGemini/GeminiJob.cpp b/Libraries/LibGemini/GeminiJob.cpp
index dd5a27dbc4..68464cc102 100644
--- a/Libraries/LibGemini/GeminiJob.cpp
+++ b/Libraries/LibGemini/GeminiJob.cpp
@@ -39,6 +39,7 @@ void GeminiJob::start()
 {
 ASSERT(!m_socket);
 m_socket = TLS::TLSv12::construct(this);
+ m_socket->set_root_certificates(m_override_ca_certificates ? *m_override_ca_certificates : DefaultRootCACertificates::the().certificates());
 m_socket->on_tls_connected = [this] {
 #ifdef GEMINIJOB_DEBUG
 dbg() << "GeminiJob: on_connected callback";
diff --git a/Libraries/LibGemini/GeminiJob.h b/Libraries/LibGemini/GeminiJob.h
index aaf744495a..6d14371afc 100644
--- a/Libraries/LibGemini/GeminiJob.h
+++ b/Libraries/LibGemini/GeminiJob.h
@@ -37,8 +37,9 @@ namespace Gemini {
 class GeminiJob final : public Job {
 C_OBJECT(GeminiJob)
 public:
- explicit GeminiJob(const GeminiRequest& request)
+ explicit GeminiJob(const GeminiRequest& request, const Vector* override_certificates = nullptr)
 : Job(request)
+ , m_override_ca_certificates(override_certificates)
 {
 }
@@ -67,6 +68,7 @@ protected:
 private:
 RefPtr m_socket;
+ const Vector* m_override_ca_certificates { nullptr };
 };
 }
diff --git a/Libraries/LibHTTP/HttpsJob.cpp b/Libraries/LibHTTP/HttpsJob.cpp
index 29cd0ac39c..87e4b086e9 100644
--- a/Libraries/LibHTTP/HttpsJob.cpp
+++ b/Libraries/LibHTTP/HttpsJob.cpp
@@ -40,6 +40,7 @@ void HttpsJob::start()
 {
 ASSERT(!m_socket);
 m_socket = TLS::TLSv12::construct(this);
+ m_socket->set_root_certificates(m_override_ca_certificates ? *m_override_ca_certificates : DefaultRootCACertificates::the().certificates());
 m_socket->on_tls_connected = [this] {
 #ifdef HTTPSJOB_DEBUG
 dbg() << "HttpsJob: on_connected callback";
diff --git a/Libraries/LibHTTP/HttpsJob.h b/Libraries/LibHTTP/HttpsJob.h
index 02ad33d814..e78e1b8746 100644
--- a/Libraries/LibHTTP/HttpsJob.h
+++ b/Libraries/LibHTTP/HttpsJob.h
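Review bot: In `GeminiJob::start()` a non-null `m_override_ca_certificates` replaces the default root set outright, and the added line does not reject an override that points at an empty vector, so such a caller hands the socket no trust anchors at all. How `TLSv12` treats an empty root set is not visible in this diff, so it is worth confirming that the handshake fails closed rather than skipping chain validation. I would state the semantics above the call, `// An override replaces the default roots; it does not extend them.`, and guard it with `ASSERT(!m_override_ca_certificates || !m_override_ca_certificates->is_empty());`. The identical line added to `HttpsJob::start()` in Libraries/LibHTTP/HttpsJob.cpp needs the same treatment; both function bodies continue past their hunks.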
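Review bot: The `GeminiJob` constructor stores `override_certificates` as a raw, non-owning pointer, but the pointer is only dereferenced afterwards in `start()`, so the caller's vector has to outlive the job and nothing in the header says so. If a caller passes the address of a shorter-lived vector, `start()` reads freed memory at the moment it selects the trust anchors for a TLS connection. Either document the contract on the parameter, `// override_certificates is borrowed and must stay alive until start() has run.`, or copy the vector into the job so the lifetime cannot be violated. This covers the `m_override_ca_certificates` member added in the second hunk of this file and the identical change in Libraries/LibHTTP/HttpsJob.h; the class body extends outside both hunks.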
@@ -38,8 +38,9 @@ namespace HTTP { class HttpsJob final : public Job { C_OBJECT(HttpsJob) public: - explicit HttpsJob(const HttpRequest& request) + explicit HttpsJob(const HttpRequest& request, const Vector* override_certs = nullptr) : Job(request) + , m_override_ca_certificates(override_certs) { } @@ -68,6 +69,7 @@ protected: private: RefPtr m_socket; + const Vector* m_override_ca_certificates { nullptr }; }; } diff --git a/Services/ProtocolServer/main.cpp b/Services/ProtocolServer/main.cpp index df027e45dc..8b4b92a0f7 100644 --- a/Services/ProtocolServer/main.cpp +++ b/Services/ProtocolServer/main.cpp @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -38,6 +39,10 @@ int main(int, char**) perror("pledge"); return 1; } + + // Ensure the certificates are read out here. + (void)DefaultRootCACertificates::the(); + Core::EventLoop event_loop; // FIXME: Establish a connection to LookupServer and then drop "unix"? if (pledge("stdio inet shared_buffer accept unix", nullptr) < 0) {
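Review bot: The new constructor parameter is called `override_certs` here but `override_certificates` in `GeminiJob`, although both initialise a member with the same name; renaming it to `override_certificates` keeps the two job classes parallel. Matching names make it easier to audit together the two code paths that choose trust anchors. The rest of the class lies outside the hunk.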
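Review bot: The added comment `// Ensure the certificates are read out here.` in `main()` does not say why the load must happen at this point, and the outcome of the load is never checked. The call sits between two `pledge()` calls, so presumably the singleton has to be built while the process may still read the certificate file; if that is the reason, say so: `// Load the root CA store now, before the next pledge() drops filesystem access.`. If the file is missing or cannot be parsed, the service would apparently keep running with an empty default root set, so consider testing `DefaultRootCACertificates::the().certificates().is_empty()` here and logging and exiting on failure. `main()` begins and ends outside the hunk.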