diff --git a/lib/httpclient/ssl_config.rb b/lib/httpclient/ssl_config.rb
index c11dea2b..ac976361 100644
--- a/lib/httpclient/ssl_config.rb
+++ b/lib/httpclient/ssl_config.rb
@@ -146,6 +146,9 @@ def initialize(client)
       return unless SSLEnabled
       @client = client
       @cert_store = X509::Store.new
+      @cert_store.set_default_paths
+      @cacerts_loaded = working_openssl_platform?
+
       @cert_store_crl_items = []
       @client_cert = @client_key = @client_key_pass = @client_ca = nil
       @verify_mode = SSL::VERIFY_PEER | SSL::VERIFY_FAIL_IF_NO_PEER_CERT
@@ -162,7 +165,6 @@ def initialize(client)
       @options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
       # OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
       @ciphers = CIPHERS_DEFAULT
-      @cacerts_loaded = false
     end
 
     # Sets certificate and private key for SSL client authentication.
@@ -413,6 +415,10 @@ def change_notify
       nil
     end
 
+    def working_openssl_platform?
+      File.exist?(OpenSSL::X509::DEFAULT_CERT_FILE) && Dir.exist?(OpenSSL::X509::DEFAULT_CERT_DIR)
+    end
+
     # Use 2048 bit certs trust anchor
     def load_cacerts(cert_store)
       certs = if ENV.key?('SSL_CERT_DIR'.freeze) || ENV.key?('SSL_CERT_FILE')
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index a6c97858..580909c1 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -277,6 +277,33 @@ def test_set_default_paths
     end
   end
 
+  def test_load_cacerts
+    # disables loading default openssl paths
+    stub_x509_const(:DEFAULT_CERT_FILE, '/invalid') do
+      assert_raise(OpenSSL::SSL::SSLError) do
+        @client.get(@url)
+      end
+
+      setup_client
+
+      escape_env do
+        ENV['SSL_CERT_FILE'] = File.join(DIR, 'ca-chain.pem')
+        @client.get(@url)
+      end
+    end
+  end
+
+  def test_default_paths
+    assert_raise(OpenSSL::SSL::SSLError) do
+      @client.get(@url)
+    end
+    escape_env do
+      ENV['SSL_CERT_FILE'] = File.join(DIR, 'ca-chain.pem')
+      setup_client
+      @client.get(@url)
+    end
+  end
+
   def test_no_sslv3
     teardown_server
     setup_server_with_ssl_version(:SSLv3)
@@ -461,6 +488,20 @@ def test_timeout
 
 private
 
+  def stub_x509_const(name, value)
+    OpenSSL::X509.module_eval do
+      begin
+        original = remove_const(name)
+        const_set(name, value)
+
+        yield
+      ensure
+        remove_const(name)
+        const_set(name, original)
+      end
+    end
+  end
+
   def cert(filename)
     OpenSSL::X509::Certificate.new(File.read(File.join(DIR, filename)))
   end