diff --git a/keyserver/addons/rust-node-addon/Cargo.lock b/keyserver/addons/rust-node-addon/Cargo.lock
--- a/keyserver/addons/rust-node-addon/Cargo.lock
+++ b/keyserver/addons/rust-node-addon/Cargo.lock
@@ -1422,6 +1422,7 @@
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -1678,6 +1679,15 @@
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki",
+]
+
 [[package]]
 name = "which"
 version = "4.4.0"
diff --git a/native/native_rust_library/Cargo.lock b/native/native_rust_library/Cargo.lock
--- a/native/native_rust_library/Cargo.lock
+++ b/native/native_rust_library/Cargo.lock
@@ -1106,7 +1106,7 @@
 dependencies = [
  "log",
  "ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.6",
  "sct",
 ]
 
@@ -1119,6 +1119,16 @@
  "base64",
 ]
 
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.6"
@@ -1440,6 +1450,7 @@
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -1696,6 +1707,15 @@
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
 [[package]]
 name = "which"
 version = "4.3.0"
diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
--- a/services/identity/Cargo.lock
+++ b/services/identity/Cargo.lock
@@ -2278,7 +2278,7 @@
 dependencies = [
  "log",
  "ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.4",
  "sct",
 ]
 
@@ -2303,6 +2303,16 @@
  "base64",
 ]
 
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.4"
@@ -2815,6 +2825,7 @@
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -3192,6 +3203,15 @@
  "untrusted",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
 [[package]]
 name = "which"
 version = "4.4.0"
diff --git a/shared/grpc_clients/Cargo.lock b/shared/grpc_clients/Cargo.lock
--- a/shared/grpc_clients/Cargo.lock
+++ b/shared/grpc_clients/Cargo.lock
@@ -821,7 +821,7 @@
 dependencies = [
  "log",
  "ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.4",
  "sct",
 ]
 
@@ -834,6 +834,16 @@
  "base64",
 ]
 
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.4"
@@ -1074,6 +1084,7 @@
  "tower-layer",
  "tower-service",
  "tracing",
+ "webpki-roots",
 ]
 
 [[package]]
@@ -1286,6 +1297,15 @@
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
 [[package]]
 name = "which"
 version = "4.4.0"
diff --git a/shared/grpc_clients/Cargo.toml b/shared/grpc_clients/Cargo.toml
--- a/shared/grpc_clients/Cargo.toml
+++ b/shared/grpc_clients/Cargo.toml
@@ -6,7 +6,7 @@
 [dependencies]
 derive_more = "0.99"
 prost = "0.11"
-tonic = { version = "0.9.1", features = ["tls"]}
+tonic = { version = "0.9.1", features = ["tls-webpki-roots"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.16", features = ["env-filter"] }
 
diff --git a/shared/grpc_clients/src/lib.rs b/shared/grpc_clients/src/lib.rs
--- a/shared/grpc_clients/src/lib.rs
+++ b/shared/grpc_clients/src/lib.rs
@@ -6,43 +6,18 @@
 pub use tonic;
 
 use error::Error;
-use std::path::Path;
 use std::time::Duration;
-use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+use tonic::transport::Channel;
 use tracing::info;
 
-const CERT_PATHS: &[&str] = &[
-  // MacOS and newer Ubuntu
-  "/etc/ssl/cert.pem",
-  // Common CA cert paths
-  "/etc/ssl/certs/ca-bundle.crt",
-  "/etc/ssl/certs/ca-certificates.crt",
-];
 const CONNECT_TIMEOUT_DURATION: Duration = Duration::from_secs(5);
 
-pub(crate) fn get_ca_cert_contents() -> Option<String> {
-  CERT_PATHS
-    .iter()
-    .map(Path::new)
-    .filter(|p| p.exists())
-    .filter_map(|f| std::fs::read_to_string(f).ok())
-    .next()
-}
 pub(crate) async fn get_grpc_service_channel(
   url: &str,
 ) -> Result<Channel, Error> {
-  let ca_cert = crate::get_ca_cert_contents().expect("Unable to get CA bundle");
-
   info!("Connecting to gRPC service at {}", url);
-  let mut channel = Channel::from_shared(url.to_string())?
+  let channel = Channel::from_shared(url.to_string())?
     .connect_timeout(CONNECT_TIMEOUT_DURATION);
 
-  // tls_config will fail if the underlying URI is only http://
-  if url.starts_with("https:") {
-    channel = channel.tls_config(
-      ClientTlsConfig::new().ca_certificate(Certificate::from_pem(&ca_cert)),
-    )?
-  }
-
   Ok(channel.connect().await?)
 }