diff --git a/mobile/android/app/src/main/kotlin/app/alextran/immich/HttpSSLOptionsPlugin.kt b/mobile/android/app/src/main/kotlin/app/alextran/immich/HttpSSLOptionsPlugin.kt
index 44d2aee2ce703..b63bc505cb603 100644
--- a/mobile/android/app/src/main/kotlin/app/alextran/immich/HttpSSLOptionsPlugin.kt
+++ b/mobile/android/app/src/main/kotlin/app/alextran/immich/HttpSSLOptionsPlugin.kt
@@ -78,6 +78,19 @@ class HttpSSLOptionsPlugin : FlutterPlugin, MethodChannel.MethodCallHandler {
 result.success(true)
 }
+ "getUserCertificates" -> {
+ val userInstalledCaCertificates: List = try {
+ val keyStore = KeyStore.getInstance("AndroidCAStore")
+ keyStore.load(null, null)
+ val aliasList = keyStore.aliases().toList().filter { it.startsWith("user") }
+ aliasList.map { keyStore.getCertificate(it) as X509Certificate }
+ } catch (e: Exception) {
+ emptyList()
+ }
+ val mapOfBytes = userInstalledCaCertificates.associate { it.issuerX500Principal.name to it.encoded }
+ result.success(mapOfBytes)
+ }
+
 else -> result.notImplemented()
 }
 } catch (e: Throwable) {
diff --git a/mobile/lib/utils/http_ssl_options.dart b/mobile/lib/utils/http_ssl_options.dart
index 04c01d36d9d92..8004ff156fe58 100644
--- a/mobile/lib/utils/http_ssl_options.dart
+++ b/mobile/lib/utils/http_ssl_options.dart
@@ -1,3 +1,4 @@
+import 'dart:convert';
 import 'dart:io';
 import 'package:flutter/services.dart';
@@ -21,7 +22,7 @@ class HttpSSLOptions {
 _apply(newValue);
 }
- static void _apply(bool allowSelfSignedSSLCert) {
+ static void _apply(bool allowSelfSignedSSLCert) async {
 String? serverHost;
 if (allowSelfSignedSSLCert && Store.tryGet(StoreKey.currentUser) != null) {
 serverHost = Uri.parse(Store.tryGet(StoreKey.serverEndpoint) ?? "").host;
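Review bot: In the `getUserCertificates` branch of HttpSSLOptionsPlugin.kt the result map is keyed by `it.issuerX500Principal.name`, so two user-installed certificates that share an issuer DN collapse into one entry and the other is silently never handed to Dart. Keying by the keystore alias avoids that, for example `aliasList.associateWith { keyStore.getCertificate(it).encoded }` inside the `try`; the Dart side only reads the values. The filter would be tighter as `it.startsWith("user:")`, the prefix AndroidCAStore gives user-added entries, and `catch (e: Exception) { emptyList() }` should log the exception so that a missing trust anchor can be diagnosed. The enclosing `when` and the method handler start and end outside this hunk.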
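Review bot: In http_ssl_options.dart, `static void _apply(bool allowSelfSignedSSLCert) async` is fire-and-forget: the caller visible in the context (`_apply(newValue);`) cannot await it, so a request issued right afterwards may run before the trust store is updated, and anything thrown after the first `await` surfaces as an unhandled asynchronous error. Declaring it `static Future<void> _apply(bool allowSelfSignedSSLCert) async` lets call sites await it or mark the call deliberately unawaited. The body of `_apply` continues outside this hunk.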
@@ -42,6 +43,23 @@ class HttpSSLOptions {
 final log = Logger("HttpSSLOptions");
 log.severe('Failed to set SSL options', e.message);
 });
+
+ final res = await _channel
+ .invokeMethod("getUserCertificates")
+ .onError((e, _) {
+ final log = Logger("HttpSSLOptions");
+ log.severe('Failed to load user certificates', e.message);
+ });
+ final certs = res?.cast();
+ if (certs == null) {
+ return;
+ }
+ for (var entry in certs.entries) {
+ final pemData =
+ '-----BEGIN CERTIFICATE-----\n${base64Encode(entry.value)}\n-----END CERTIFICATE-----';
+ SecurityContext.defaultContext
+ .setTrustedCertificatesBytes(utf8.encode(pemData));
+ }
 }
 }
 }
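Review bot: The added block trusts every user-installed CA through `SecurityContext.defaultContext`, and as far as this hunk shows it runs on each `_apply` call whether or not `allowSelfSignedSSLCert` is set. The default context is process-wide and additive, so this widens trust for every TLS connection the app makes, and a CA later removed from the Android store stays trusted until the process restarts. Consider gating the load behind an explicit setting and documenting it with a comment such as `// Opt-in: adds Android user-store CAs to the process-wide trust store`. `setTrustedCertificatesBytes` throws on data it cannot parse, so one bad entry aborts the loop and, because `_apply` is `void ... async`, becomes an unhandled error; wrap the call in a per-entry `try`/`catch` that logs `entry.key`. `_apply` begins outside this hunk.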